misskey-dev — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting misskey-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by misskey-dev: misskey, summaly
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28433 | Misskey lacks resource ownership validation | misskey | CWE-639 | 7.1 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-28432 | HTTP signature verification can be bypassed | misskey | CWE-347 | 7.5 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-28431 | Misskey lacks proper authorization checks and input validation | misskey | CWE-285 | 5.9 (AI) | Medium (AI) | 2026-03-09 |
| CVE-2025-66482 | Misskey has a login rate limit bypass via spoofed X-Forwarded-For header | misskey | CWE-307 | 5.3 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2025-66402 | misskey.js's export data contains private post data | misskey | CWE-862 | 5.3 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2025-46559 | Misskey Directory Traversal Vulnerability in AiScript via `Mk:api` | misskey | CWE-22 | 5.4 | Medium | 2025-05-05 |
| CVE-2025-46340 | Misskey CSS Style Injection Vulnerability In `MkUrlPreview` | misskey | CWE-20 | 7.2 | High | 2025-05-05 |
| CVE-2025-46553 | @misskey-dev/summaly Redirect Filter Bypass | summaly | CWE-693 | 6.1 (AI) | Medium (AI) | 2025-05-05 |
| CVE-2025-25306 | Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes | misskey | CWE-346 | 9.3 | Critical | 2025-03-10 |
| CVE-2025-24897 | Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes | misskey | CWE-352 | 8.2 | High | 2025-02-11 |
| CVE-2025-24896 | Misskey allows token to remain valid in cookie after signing out | misskey | CWE-613 | 8.1 | High | 2025-02-11 |
| CVE-2024-49363 | Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey | misskey | CWE-405 | 7.4 | High | 2024-12-18 |
| CVE-2024-52579 | Server-Side Request Forgery vulnerability in various APIs in Misskey | misskey | CWE-918 | 6.4 | Medium | 2024-12-18 |
| CVE-2024-52590 | Missing validation allows spoofed profiles in Misskey | misskey | CWE-20 | 8.8 | - | 2024-12-18 |
| CVE-2024-52591 | Missing validation allows spoofed profiles and notes in Misskey | misskey | CWE-20 | 8.1 | - | 2024-12-18 |
| CVE-2024-52592 | Missing validation allows spoofed poll updates in Misskey | misskey | CWE-20 | 5.3 | - | 2024-12-18 |
| CVE-2024-52593 | Missing validation allows spoofed "origin" links in Misskey | misskey | CWE-20 | 5.4 | - | 2024-12-18 |
| CVE-2024-32983 | Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities | misskey | CWE-863 | 8.2 | High | 2024-06-03 |
| CVE-2024-25636 | Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts | misskey | CWE-434 | 7.1 | High | 2024-02-19 |
| CVE-2023-52139 | Misskey vulnerable to improper authorization when accessing with third-party application | misskey | CWE-285 | 9.1 | Critical | 2023-12-29 |
| CVE-2023-49079 | Misskey's missing signature validation allows arbitrary users to impersonate any remote user. | misskey | CWE-347 | 9.3 | Critical | 2023-11-29 |
| CVE-2023-43793 | Misskey allows users to bypass authentication of Bull dashboard | misskey | CWE-287 | 7.5 | High | 2023-10-04 |
| CVE-2023-24810 | Cross site scripting (XSS) vulnerability using authentication callback in Misskey | misskey | CWE-79 | 7.1 | High | 2023-02-22 |
| CVE-2023-24811 | Cross site scripting (XSS) vulnerability using url preview in Misskey | misskey | CWE-79 | 7.1 | High | 2023-02-22 |
| CVE-2023-24812 | SQL injection of notes/search-by-tag | misskey | CWE-89 | 8.8 | High | 2023-02-22 |
| CVE-2023-25154 | Cross site scripting (XSS) of ActivityPub URI in misskey | misskey | CWE-79 | 7.1 | High | 2023-02-22 |
| CVE-2021-39195 | Server-Side Request Forgery vulnerability in misskey | misskey | CWE-918 | 7.7 | High | 2021-09-07 |
| CVE-2021-39169 | XSS vulnerability using dialog | misskey | CWE-79 | 8.0 | High | 2021-08-27 |

This page lists every published CVE security advisory associated with misskey-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.