joinmastodon

Top products

The 15 most recently published vulnerabilities affecting joinmastodon.

• CVE-2026-41259Mastodon: Insufficient verification of email addresses7.5Apr 23, 2026
• CVE-2026-33869Mastodon has a denial of service for quote authorization4.8Mar 27, 2026
• CVE-2026-33868Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'4.3Mar 27, 2026
• CVE-2026-27477Mastodon has SSRF via unvalidated FASP Provider base_url5.9Feb 24, 2026
• CVE-2026-27468Mastodon may allow unconfirmed FASP to make subscriptions8.2Feb 24, 2026
• CVE-2026-25540Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`)6.5Feb 4, 2026
• CVE-2026-23964Mastodon has insufficient access control to push notification settings6.5Jan 22, 2026
• CVE-2026-23963Mastodon missing length limits on list names, filter names, and filter keywords4.3Jan 22, 2026
• CVE-2026-23962Mastodon vulnerable to Denial of Service from a single post (client/server)7.5Jan 22, 2026
• CVE-2026-23961Mastodon may allow a remote suspension bypass5.3Jan 22, 2026
• CVE-2026-22246Local Mastodon users can enumerate and access severed relationships of every other local user6.5Jan 8, 2026
• CVE-2026-22245Mastodon has SSRF Protection bypass7.5Jan 8, 2026
• CVE-2025-67500Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration3.7Dec 9, 2025
• CVE-2025-62605Mastodon quotes control can be bypassed4.3Oct 21, 2025
• CVE-2025-62176Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels4.3Oct 13, 2025