If you discover a security issue in Misskey, please report it by this form.
This will allow us to assess the risk, and make a fix available before we add a bug report to the GitHub repository.
Thanks for helping make Misskey safe for everyone.
Note
CNA requires that CVEs include a description in English for inclusion in the CVE Catalog.
When creating a security advisory, all content must be written in English (it is acceptable to include a non-English description along with the English one).
If you can also create a patch to fix the vulnerability, please create a PR on the private fork.
Note
There is a GitHub bug that prevents merging if a PR not following the develop branch of upstream, so please keep follow the develop branch.