friendica CVE Vulnerabilities & Metrics

Focus on friendica vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About friendica Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with friendica. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total friendica CVEs: 3
Earliest CVE date: 05 Apr 2021, 23:15 UTC
Latest CVE date: 20 Aug 2024, 14:15 UTC

Latest CVE reference: CVE-2024-39094

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical friendica CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.67

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS friendica CVEs

These are the five CVEs with the highest CVSS scores for friendica, sorted by severity first and recency.

CVE-2021-30141 friendica Published on 05 Apr 2021, 23:15 UTC (CVSS: 5.0)
Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.
CVE-2024-39094 friendica Published on 20 Aug 2024, 14:15 UTC (CVSS: 0)
Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.
CVE-2024-27729 friendica Published on 15 Aug 2024, 19:15 UTC (CVSS: 0)
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.

All CVEs for friendica

CVE-2024-39094 friendica vulnerability CVSS: 0 20 Aug 2024, 14:15 UTC

Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.

CVE-2024-27729 friendica vulnerability CVSS: 0 15 Aug 2024, 19:15 UTC

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.

CVE-2021-30141 friendica vulnerability CVSS: 5.0 05 Apr 2021, 23:15 UTC

Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.