| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-28433 | Misskey lacks resource ownership validation | misskey-dev | misskey | - | - | 2026-03-09 21:21:06 | Deep Dive |
| CVE-2026-28432 | HTTP signature verification can be bypassed | misskey-dev | misskey | - | - | 2026-03-09 21:19:43 | Deep Dive |
| CVE-2026-28431 | Misskey lacks proper authorization checks and input validation | misskey-dev | misskey | - | - | 2026-03-09 21:17:33 | Deep Dive |
| CVE-2025-66482 | Misskey has a login rate limit bypass via spoofed X-Forwarded-For header | misskey-dev | misskey | - | - | 2025-12-15 23:18:37 | Deep Dive |
| CVE-2025-66402 | misskey.js's export data contains private post data | misskey-dev | misskey | - | - | 2025-12-15 23:09:58 | Deep Dive |
| CVE-2025-46559 | Misskey Directory Traversal Vulnerability in AiScript via `Mk:api` | misskey-dev | misskey | Medium | 5.4 | 2025-05-05 18:38:36 | Deep Dive |
| CVE-2025-46340 | Misskey CSS Style Injection Vulnerability In `MkUrlPreview` | misskey-dev | misskey | High | 7.2 | 2025-05-05 18:35:38 | Deep Dive |
| CVE-2025-46553 | @misskey-dev/summaly Redirect Filter Bypass | misskey-dev | summaly | - | - | 2025-05-05 18:28:50 | Deep Dive |
| CVE-2025-25306 | Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes | misskey-dev | misskey | Critical | 9.3 | 2025-03-10 18:13:46 | Deep Dive |
| CVE-2025-24897 | Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes | misskey-dev | misskey | High | 8.2 | 2025-02-11 15:20:29 | Deep Dive |
| CVE-2025-24896 | Misskey allows token to remain valid in cookie after signing out | misskey-dev | misskey | High | 8.1 | 2025-02-11 15:14:09 | Deep Dive |
| CVE-2024-49363 | Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey | misskey-dev | misskey | High | 7.4 | 2024-12-18 19:24:34 | Deep Dive |
| CVE-2024-52579 | Server-Side Request Forgery vulnerability in various APIs in Misskey | misskey-dev | misskey | Medium | 6.4 | 2024-12-18 19:22:32 | Deep Dive |
| CVE-2024-52590 | Missing validation allows spoofed profiles in Misskey | misskey-dev | misskey | High | - | 2024-12-18 19:21:33 | Deep Dive |
| CVE-2024-52591 | Missing validation allows spoofed profiles and notes in Misskey | misskey-dev | misskey | High | - | 2024-12-18 19:20:31 | Deep Dive |
| CVE-2024-52592 | Missing validation allows spoofed poll updates in Misskey | misskey-dev | misskey | Medium | - | 2024-12-18 19:19:18 | Deep Dive |
| CVE-2024-52593 | Missing validation allows spoofed "origin" links in Misskey | misskey-dev | misskey | Medium | - | 2024-12-18 19:17:49 | Deep Dive |
| CVE-2024-32983 | Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities | misskey-dev | misskey | High | 8.2 | 2024-06-03 15:16:26 | Deep Dive |
| CVE-2024-25636 | Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts | misskey-dev | misskey | High | 7.1 | 2024-02-19 19:42:21 | Deep Dive |
| CVE-2023-52139 | Misskey vulnerable to improper authorization when accessing with third-party application | misskey-dev | misskey | Critical | 9.0 | 2023-12-29 17:21:02 | Deep Dive |