VulnerableCode Package Details - pkg:npm/%40fedify/fedify@2.0.18

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/%40fedify/fedify@2.0.18

Essentials
History (2)

purl	pkg:npm/%40fedify/fedify@2.0.18

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-wpep-ax9c-jyb6	Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received. Versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3 fix the issue.	CVE-2026-42462 GHSA-9rfg-v8g9-9367

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T07:51:19.694197+00:00	GithubOSV Importer	Fixing	VCID-wpep-ax9c-jyb6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-9rfg-v8g9-9367/GHSA-9rfg-v8g9-9367.json	38.6.0
2026-06-11T20:38:50.728685+00:00	GHSA Importer	Fixing	VCID-wpep-ax9c-jyb6	https://github.com/advisories/GHSA-9rfg-v8g9-9367	38.6.0