Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40fedify/fedify@1.7.14
Typenpm
Namespace@fedify
Namefedify
Version1.7.14
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.6.13
Latest_non_vulnerable_version1.9.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4121-6555-67fv
vulnerability_id VCID-4121-6555-67fv
summary 
Fedify has ReDoS Vulnerability in HTML Parsing Regex
A Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at `packages/fedify/src/runtime/docloader.ts:259` contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses.

**An attacker-controlled federated server can respond with a small (~170 bytes) malicious HTML payload that blocks the victim's Node.js event loop for 14+ seconds, causing a Denial of Service.**

| Field | Value |
|-------|-------|
| **CWE** | CWE-1333 (Inefficient Regular Expression Complexity) |

---
references
0
reference_url https://github.com/fedify-dev/fedify
reference_id
reference_type
scores
url https://github.com/fedify-dev/fedify
1
reference_url https://github.com/fedify-dev/fedify/commit/2bdcb24d7d6d5886e0214ed504b63a6dc5488779
reference_id
reference_type
scores
url https://github.com/fedify-dev/fedify/commit/2bdcb24d7d6d5886e0214ed504b63a6dc5488779
2
reference_url https://github.com/fedify-dev/fedify/commit/bf2f0783634efed2663d1b187dc55461ee1f987a
reference_id
reference_type
scores
url https://github.com/fedify-dev/fedify/commit/bf2f0783634efed2663d1b187dc55461ee1f987a
3
reference_url https://github.com/fedify-dev/fedify/releases/tag/1.6.13
reference_id
reference_type
scores
url https://github.com/fedify-dev/fedify/releases/tag/1.6.13
4
reference_url https://github.com/fedify-dev/fedify/releases/tag/1.7.14
reference_id
reference_type
scores
url https://github.com/fedify-dev/fedify/releases/tag/1.7.14
5
reference_url https://github.com/fedify-dev/fedify/releases/tag/1.8.15
reference_id
reference_type
scores
url https://github.com/fedify-dev/fedify/releases/tag/1.8.15
6
reference_url https://github.com/fedify-dev/fedify/releases/tag/1.9.2
reference_id
reference_type
scores
url https://github.com/fedify-dev/fedify/releases/tag/1.9.2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68475
reference_id CVE-2025-68475
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-68475
8
reference_url https://github.com/advisories/GHSA-rchf-xwx2-hm93
reference_id GHSA-rchf-xwx2-hm93
reference_type
scores
url https://github.com/advisories/GHSA-rchf-xwx2-hm93
9
reference_url https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93
reference_id GHSA-rchf-xwx2-hm93
reference_type
scores
url https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93
fixed_packages
0
url pkg:npm/%40fedify/fedify@1.6.13
purl pkg:npm/%40fedify/fedify@1.6.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.6.13
1
url pkg:npm/%40fedify/fedify@1.7.14
purl pkg:npm/%40fedify/fedify@1.7.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.7.14
2
url pkg:npm/%40fedify/fedify@1.8.15
purl pkg:npm/%40fedify/fedify@1.8.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.8.15
3
url pkg:npm/%40fedify/fedify@1.9.2
purl pkg:npm/%40fedify/fedify@1.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.9.2
aliases CVE-2025-68475, GHSA-rchf-xwx2-hm93
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4121-6555-67fv
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540fedify/fedify@1.7.14