Joinmastodon Security Vulnerabilities (CVEs)

Track the 21 known security vulnerabilities (CVEs) affecting Mastodon, which is catalogued under the Joinmastodon vendor name. Get email alerts when new CVEs are published, automated security monitoring, and patch guidance.

Severity breakdown (by CVSS score): 3 Critical, 6 High, 11 Medium, 1 Low (21 total).
CVE-2026-27477 | CVSS 5.9 | Feb 24, 2026
This vulnerability allows unauthenticated attackers to register FASP accounts with attacker-controlled base URLs that point to internal systems, forci...

CVE-2026-25540 | CVSS 6.5 | Feb 4, 2026
Mastodon servers with AUTHORIZED_FETCH enabled are vulnerable to web cache poisoning where ActivityPub endpoints for pinned posts and featured hashtag...

CVE-2026-23962 | CVSS 7.5 | Jan 22, 2026
Mastodon servers running vulnerable versions allow attackers to create remote posts with unlimited poll options, causing excessive resource consumptio...

CVE-2026-23963 | CVSS 4.3 | Jan 22, 2026
Mastodon servers prior to patched versions allow users to set arbitrarily long names for lists/filters and filter keywords, enabling resource exhausti...

CVE-2026-23964 | CVSS 6.5 | Jan 22, 2026
This CVE describes an insecure direct object reference vulnerability in Mastodon's web push subscription update endpoint. Authenticated users can tamp...

CVE-2026-23961 | CVSS 5.3 | Jan 22, 2026
This CVE describes a logic error in Mastodon's user suspension feature that allows posts from suspended remote users to appear in timelines. All Masto...

CVE-2026-22245 | CVSS 7.5 | Jan 8, 2026
Mastodon's IP address filtering mechanism had incomplete coverage, allowing attackers to bypass protections against local network requests. This enabl...
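Two of the entries above are the same bug class seen from two sides: CVE-2026-27477 (a remote party registers a FASP base URL that points at internal systems) and CVE-2026-22245 (the IP address filter that is supposed to stop such requests had gaps). The check a server should run before fetching an attacker-supplied URL is shown below. This is an added example written for this page, not Mastodon's own code; the blocked-range list, the resolver injection and the helper names are assumptions of the example, and the entries above do not say which range or address form the patched versions had missed.

```ruby
require "ipaddr"
require "resolv"
require "uri"

# Address ranges a server should never fetch on behalf of a remote party:
# loopback, RFC 1918 / RFC 4193 private space, link-local (which includes the
# 169.254.169.254 cloud metadata address), CGNAT, NAT64, multicast and the
# unspecified address. Constructed for this example; not Mastodon's list.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.0.0.0/24 192.168.0.0/16 198.18.0.0/15
  224.0.0.0/4 240.0.0.0/4
  ::/128 ::1/128 64:ff9b::/96 fc00::/7 fe80::/10 ff00::/8
].map { |cidr| IPAddr.new(cidr) }.freeze

# True if +ip+ (String or IPAddr) falls in a blocked range. IPv4-mapped IPv6
# addresses such as ::ffff:127.0.0.1 are unwrapped first so the IPv4 ranges
# apply to them too; anything that does not parse is treated as blocked.
def blocked_ip?(ip)
  addr = IPAddr.new(ip.to_s)
  addr = addr.native if addr.ipv6? && addr.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
rescue IPAddr::InvalidAddressError
  true
end

def ip_literal?(host)
  IPAddr.new(host)
  true
rescue IPAddr::InvalidAddressError
  false
end

# Decide whether an attacker-supplied URL may be fetched. +resolver+ maps a
# hostname to its A/AAAA answers and is injectable so the check runs without
# DNS (the default uses the system resolver). Every answer must be public: a
# name that resolves to one public and one internal address is rejected, and
# "127.1"-style shorthand is resolved rather than string-matched. This is a
# pre-connect check only; against DNS rebinding the same test must be applied
# to the address the socket actually connects to, and again on every redirect.
def safe_fetch_target?(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url)
  return false unless %w[http https].include?(uri.scheme)
  host = uri.hostname # strips the [] around an IPv6 literal
  return false if host.nil? || host.empty?
  addresses = ip_literal?(host) ? [host] : resolver.call(host)
  return false if addresses.empty?
  addresses.none? { |ip| blocked_ip?(ip) }
rescue URI::InvalidURIError
  false
end
```

The resolver is passed in rather than called directly because the check is only meaningful if it is applied to the addresses the HTTP client will really use; wiring it into the client's connection step (and re-running it for each redirect target) is the part an application most often gets wrong.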
CVE-2026-22246 | CVSS 6.5 | Jan 8, 2026
This vulnerability in Mastodon allows any registered local user to access lists of severed relationships (lost followers/followed users) from moderati...

CVE-2025-67500 | CVSS 3.7 | Dec 10, 2025
This vulnerability in Mastodon allows attackers to confirm the existence of private statuses by sending requests with non-English Accept-Language head...

CVE-2025-62605 | CVSS 4.3 | Oct 21, 2025
This vulnerability allows attackers to bypass quote controls in Mastodon by reblogging a post and then quoting their own reblog, effectively quoting c...

CVE-2025-62176 | CVSS 4.3 | Oct 13, 2025
Mastodon's streaming server incorrectly allows OAuth clients with valid authentication tokens to subscribe to public timeline events even when those t...

CVE-2025-62175 | CVSS 4.3 | Oct 13, 2025
Mastodon servers running vulnerable versions allow disabled or suspended user accounts to maintain real-time streaming API connections, receiving upda...

CVE-2025-54879 | CVSS 5.3 | Aug 6, 2025
This vulnerability allows attackers to bypass email confirmation rate limits in Mastodon by rotating IP addresses, enabling them to send unlimited con...
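The CVE-2025-54879 entry above describes a rate limit keyed on the source IP address, which is exactly what makes rotating through many addresses a bypass. As an added example, not Mastodon's code, the limiter below counts attempts under two keys at once, the client IP and the normalised recipient e-mail address, so a rotating attacker still hits the per-recipient ceiling. The limits, window length, in-memory store and the injectable clock are assumptions of the example; a real deployment would keep the counters in a shared store such as Redis.

```ruby
# Added example, not Mastodon's code: a sliding-window limiter that records
# each attempt under more than one key. A request is refused if any key is
# already at its limit, and only recorded when all keys accept it.
class ConfirmationRateLimiter
  def initialize(ip_limit: 5, email_limit: 3, window: 3600, clock: -> { Time.now.to_i })
    @ip_limit = ip_limit       # attempts per source address per window
    @email_limit = email_limit # attempts per recipient address per window
    @window = window           # seconds
    @clock = clock             # injectable for deterministic tests
    @hits = Hash.new { |h, k| h[k] = [] } # key => timestamps inside the window
  end

  # Returns true and records the attempt if neither key is over its limit.
  def allow?(ip:, email:)
    now = @clock.call
    limits = { "ip:#{ip}" => @ip_limit, "email:#{normalize(email)}" => @email_limit }
    limits.each_key { |key| @hits[key].reject! { |t| t <= now - @window } }
    return false if limits.any? { |key, limit| @hits[key].size >= limit }
    limits.each_key { |key| @hits[key] << now }
    true
  end

  private

  # Case and surrounding whitespace must not open a fresh bucket for the
  # same mailbox.
  def normalize(email)
    email.strip.downcase
  end
end
```

The per-recipient key is the one that closes the bypass described above; the per-IP key is kept so that a single source cannot spray confirmations at many mailboxes instead.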
CVE-2025-27399 | CVSS 5.3 | Feb 27, 2025
Mastodon instances with domain block visibility set to 'users' (logged-in users) inadvertently expose block reasons to unapproved users. This affects ...

CVE-2024-37903 | CVSS 8.2 | Jul 5, 2024
This CVE describes an authorization bypass vulnerability in Mastodon where attackers can craft specific activities to extend the audience of posts the...
CVE-2024-23832 | CVSS 9.4 | Feb 1, 2024
This vulnerability in Mastodon's handling of remote accounts allows attackers to impersonate and take over any remote account due to insufficient origin valid...
CVE-2023-42451 | CVSS 7.4 | Sep 19, 2023
This vulnerability in Mastodon allows attackers to spoof domains they don't own by exploiting flaws in domain name normalization. This could enable im...

CVE-2023-36459 | CVSS 9.3 | Jul 6, 2023
This vulnerability allows attackers to inject arbitrary HTML into Mastodon oEmbed preview cards by bypassing HTML sanitization. When users click on ma...

CVE-2023-36461 | CVSS 7.5 | Jul 6, 2023
This vulnerability in Mastodon allows malicious servers to perform slowloris-type attacks by extending HTTP response durations indefinitely. This can ...

CVE-2023-28853 | CVSS 7.7 | Apr 4, 2023
This vulnerability allows attackers to perform LDAP injection attacks on Mastodon instances configured with LDAP authentication. By manipulating login...
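The CVE-2023-28853 entry above concerns LDAP injection through the login name. The example below, added for this page and not Mastodon's own code, shows the vulnerable shape (a login name interpolated verbatim into a search filter) next to the fix (RFC 4515 escaping of the assertion value). The attribute name `uid`, the filter shape and the function names are assumptions of the example.

```ruby
# RFC 4515 hex escapes for the characters that carry meaning inside a search
# filter's assertion value. One gsub driven by a lookup table avoids the
# double-escaping bug of replacing "\" in a second pass.
LDAP_FILTER_ESCAPES = {
  "\\" => "\\5c", "*" => "\\2a", "(" => "\\28", ")" => "\\29", "\0" => "\\00"
}.freeze

def escape_ldap_filter_value(value)
  value.gsub(/[\\*()\0]/) { |c| LDAP_FILTER_ESCAPES[c] }
end

# Before: the login is interpolated verbatim. A login of "*" turns the filter
# into (uid=*), and "x)(|(uid=admin" splices a second clause into it.
def unsafe_login_filter(uid_attribute, login)
  "(#{uid_attribute}=#{login})"
end

# After: the value is escaped, so the attacker's characters match literally.
# The attribute name must still come from configuration, never from input,
# since the escaping applies to values only.
def safe_login_filter(uid_attribute, login)
  "(#{uid_attribute}=#{escape_ldap_filter_value(login)})"
end
```

Note that a wildcard-only login such as `*` leaves the parentheses balanced, so a structural check on the assembled filter is no substitute for escaping the value.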
CVE-2022-24307 | CVSS 9.8 | Feb 3, 2022
Mastodon instances running vulnerable versions have incorrect access control due to improper handling of signed JSON-LD activities. This allows attack...

Why Monitor Joinmastodon Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors the 21 known vulnerabilities affecting Mastodon (Joinmastodon) packages and notifies you by email as soon as a new security issue is published.

Automated security monitoring: Instead of manual CVE checking, FixTheCVE scans your servers and detects vulnerable Mastodon packages in under 60 seconds. The scan is agentless, so nothing has to be installed on the Mastodon hosts.

Free vulnerability database: Access detailed information about every Joinmastodon CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Joinmastodon CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions