misskey

28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-28433
>= 10.93.0 and < 2026.3.1
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2
4.3 MEDIUM
CVE-2026-28432
< 2026.3.1
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that all
7.5 HIGH
CVE-2026-28431
>= 8.45.0 and < 2026.3.1
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 20
7.5 HIGH
CVE-2025-66482
>= 13.1.0 and < 2025.12.0
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse pr
6.5 MEDIUM
CVE-2025-66402
>= 13.1.0 and < 2025.12.0
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an
6.5 MEDIUM
CVE-2025-46559
>= 12.31.0 and < 2025.4.1
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing val
5.4 MEDIUM
CVE-2025-46553
>= 3.0.1 and < 5.2.1
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic
6.1 MEDIUM
CVE-2025-46340
>= 12.0.0 and < 2025.4.1
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an ov
7.2 HIGH
CVE-2025-25306
< 2025.2.1
Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relatio
9.3 CRITICAL
CVE-2025-24897
>= 12.109.0 and < 2025.2.0
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, du
8.2 HIGH
CVE-2025-24896
>= 12.109.0 and <= 2025.1.0
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a
8.1 HIGH
CVE-2024-52593
>= 12.29.0 and < 2024.11.0
Misskey is an open source, federated social media platform. In affected versions missing validation in `NoteCreateService.insertNot
5.3 MEDIUM
CVE-2024-52592
>= 10.92.1 and < 2024.11.0
Misskey is an open source, federated social media platform. In affected versions missing validation in ApInboxService.update all
5.3 MEDIUM
CVE-2024-52591
< 2024.11.0
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet
9.3 CRITICAL
CVE-2024-52590
> 2024.8.0 and < 2024.11.0
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet
6.5 MEDIUM
CVE-2024-52579
< 2024.11.0
Misskey is an open source, federated social media platform. Some APIs using HttpRequestService do not properly check the target
6.4 MEDIUM
CVE-2024-32983
< 2024.5.0
Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structur
8.2 HIGH
CVE-2024-25636
< 2024.2.0
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching
7.1 HIGH
CVE-2023-52139
< 2023.12.1
Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or W
9.0 CRITICAL
CVE-2023-49079
< 2023.11.1
Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to i
9.3 CRITICAL
CVE-2023-43793
< 2023.9.0
Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass t
7.5 HIGH
CVE-2023-24812
< 13.3.3
Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insuf
8.8 HIGH
CVE-2023-24811
< 13.3.2
Misskey is an open source, decentralized social media platform. In versions prior to 13.3.2 the URL preview function is subject to
7.1 HIGH
CVE-2023-24810
< 13.3.1
Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during miauth
7.1 HIGH
CVE-2023-25154
< 13.5.0
Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender
7.1 HIGH
CVE-2021-39195
< 12.90.0
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability
7.7 HIGH
CVE-2021-39169
< 12.51.0
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web clien
8.0 HIGH
CVE-2019-1020010
>= 10.46.0 and < 10.102.4
Misskey before 10.102.4 allows hijacking a user's token.
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin