Misskey-dev Misskey
27 CVEs affecting Misskey-dev Misskey. Latest disclosed: 2026-03-09. Critical: 3, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-25306 | Critical | 9.3 | 2025-03-10 | Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url`… |
| CVE-2023-49079 | Critical | 9.3 | 2023-11-29 | Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. T… |
| CVE-2023-52139 | Critical | 9.1 | 2023-12-29 | Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorr… |
| CVE-2023-24812 | High | 8.8 | 2023-02-22 | Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation… |
| CVE-2025-24897 | High | 8.2 | 2025-02-11 | Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protectio… |
| CVE-2024-32983 | High | 8.2 | 2024-06-03 | Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed Activit… |
| CVE-2025-24896 | High | 8.1 | 2025-02-11 | Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is… |
| CVE-2021-39169 | High | 8.0 | 2021-08-27 | Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display… |
| CVE-2021-39195 | High | 7.7 | 2021-09-07 | Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" a… |
| CVE-2023-43793 | High | 7.5 | 2023-10-04 | Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull… |
| CVE-2024-49363 | High | 7.4 | 2024-12-18 | Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or… |
| CVE-2025-46340 | High | 7.2 | 2025-05-05 | Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation per… |
| CVE-2024-25636 | High | 7.1 | 2024-02-19 | Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objec… |
| CVE-2023-24810 | High | 7.1 | 2023-02-22 | Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during `miauth` authentication in Misskey, a… |
| CVE-2023-24811 | High | 7.1 | 2023-02-22 | Misskey is an open source, decentralized social media platform. In versions prior to 13.3.2 the URL preview function is subject to a cross site scripting vulne… |
| CVE-2023-25154 | High | 7.1 | 2023-02-22 | Misskey is an open source, decentralized social media platform. In versions prior to 13.5.0 the link to the instance to the sender that appears when viewing a… |
| CVE-2024-52579 | Medium | 6.4 | 2024-12-18 | Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allo… |
| CVE-2025-46559 | Medium | 5.4 | 2025-05-05 | Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows ma… |
| CVE-2026-28433 | | | 2026-03-09 | Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerabil… |
| CVE-2026-28432 | | | 2026-03-09 | Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature… |