npm package
misskey-js
pkg:npm/misskey-js
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66482 | — | >= 2025.9.1, < 2025.12.0-alpha.2 | 2025.12.0-alpha.2 | Dec 15, 2025 | Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option (`trustProxy`) has been ad | ||
| CVE-2025-66402 | — | >= 13.0.0-beta.16, < 2025.12.0 | 2025.12.0 | Dec 15, 2025 | Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue. |
- CVE-2025-66482Dec 15, 2025affected >= 2025.9.1, < 2025.12.0-alpha.2fixed 2025.12.0-alpha.2
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option (`trustProxy`) has been ad
- CVE-2025-66402Dec 15, 2025affected >= 13.0.0-beta.16, < 2025.12.0fixed 2025.12.0
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.