{"url":"http://public2.vulnerablecode.io/api/packages/73074?format=json","purl":"pkg:npm/%40fedify/fedify@1.6.13","type":"npm","namespace":"@fedify","name":"fedify","version":"1.6.13","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.7.14","latest_non_vulnerable_version":"1.9.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49494?format=json","vulnerability_id":"VCID-4121-6555-67fv","summary":"Fedify has ReDoS Vulnerability in HTML Parsing Regex\nA Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at `packages/fedify/src/runtime/docloader.ts:259` contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses.\n\n**An attacker-controlled federated server can respond with a small (~170 bytes) malicious HTML payload that blocks the victim's Node.js event loop for 14+ seconds, causing a Denial of Service.**\n\n| Field | Value |\n|-------|-------|\n| **CWE** | CWE-1333 (Inefficient Regular Expression Complexity) |\n\n---","references":[{"reference_url":"https://github.com/fedify-dev/fedify","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fedify-dev/fedify"},{"reference_url":"https://github.com/fedify-dev/fedify/commit/2bdcb24d7d6d5886e0214ed504b63a6dc5488779","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fedify-dev/fedify/commit/2bdcb24d7d6d5886e0214ed504b63a6dc5488779"},{"reference_url":"https://github.com/fedify-dev/fedify/commit/bf2f0783634efed2663d1b187dc55461ee1f987a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fedify-dev/fedify/commit/bf2f0783634efed2663d1b187dc55461ee1f987a"},{"reference_url":"https://github.com/fedify-dev/fedify/releases/tag/1.6.13","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fedify-dev/fedify/releases/tag/1.6.13"},{"reference_url":"https://github.com/fedify-dev/fedify/releases/tag/1.7.14","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fedify-dev/fedify/releases/tag/1.7.14"},{"reference_url":"https://github.com/fedify-dev/fedify/releases/tag/1.8.15","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fedify-dev/fedify/releases/tag/1.8.15"},{"reference_url":"https://github.com/fedify-dev/fedify/releases/tag/1.9.2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fedify-dev/fedify/releases/tag/1.9.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68475","reference_id":"CVE-2025-68475","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68475"},{"reference_url":"https://github.com/advisories/GHSA-rchf-xwx2-hm93","reference_id":"GHSA-rchf-xwx2-hm93","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rchf-xwx2-hm93"},{"reference_url":"https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93","reference_id":"GHSA-rchf-xwx2-hm93","reference_type":"","scores":[],"url":"https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73074?format=json","purl":"pkg:npm/%40fedify/fedify@1.6.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.6.13"},{"url":"http://public2.vulnerablecode.io/api/packages/73075?format=json","purl":"pkg:npm/%40fedify/fedify@1.7.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/73076?format=json","purl":"pkg:npm/%40fedify/fedify@1.8.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.8.15"},{"url":"http://public2.vulnerablecode.io/api/packages/73077?format=json","purl":"pkg:npm/%40fedify/fedify@1.9.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.9.2"}],"aliases":["CVE-2025-68475","GHSA-rchf-xwx2-hm93"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4121-6555-67fv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.6.13"}