VYPR

npm package

misskey-js

pkg:npm/misskey-js

Vulnerabilities (2)

  • CVE-2025-66482Dec 15, 2025
    affected >= 2025.9.1, < 2025.12.0-alpha.2fixed 2025.12.0-alpha.2

    Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option (`trustProxy`) has been ad

  • CVE-2025-66402Dec 15, 2025
    affected >= 13.0.0-beta.16, < 2025.12.0fixed 2025.12.0

    Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.