# Reporting Security Issues If you discover a security issue in Misskey, please report it by **[this form](https://github.com/misskey-dev/misskey/security/advisories/new)**. This will allow us to assess the risk, and make a fix available before we add a bug report to the GitHub repository. CherryPick shares security fixes with Misskey. Thanks for helping make Misskey safe for everyone. ## When create a patch If you can also create a patch to fix the vulnerability, please create a PR on the private fork. > [!note] > There is a GitHub bug that prevents merging if a PR not following the develop branch of upstream, so please keep follow the develop branch.