Lemmynet Lemmy
6 CVEs affecting Lemmynet Lemmy. Latest disclosed: 2026-05-08. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-23649 | High | 7.5 | 2024-01-24 | Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when th… |
CVE-2026-42181 | Medium | 6.5 | 2026-05-08 | Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default Sto… |
CVE-2026-33693 | Medium | 6.5 | 2026-03-27 | Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the `v4_is_invalid()` function in `activitypub-federation-rust` (`src/ut… |
CVE-2026-42180 | Medium | 6.3 | 2026-05-08 | Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post throu… |
CVE-2025-25194 | Medium | 4.0 | 2025-02-10 | Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for… |
CVE-2026-29178 | | 2026-03-06 | Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for… |