| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2023-30611 | Reaction metadata exposed in private topics in Discourse-reactions | discourse | discourse-reactions | Medium | 4.3 | 2023-04-19 17:21:43 |
| CVE-2023-30606 | Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse | discourse | discourse | Medium | 4.2 | 2023-04-18 21:36:09 |
| CVE-2023-30538 | Stored Cross-site Scripting via improper sanitization of svg files in Discourse | discourse | discourse | Medium | 5.4 | 2023-04-18 21:25:59 |
| CVE-2023-29196 | HTML injection via topic embedding in Discourse | discourse | discourse | Medium | 4.2 | 2023-04-18 21:24:10 |
| CVE-2023-28440 | Denial of service via admin theme import route in Discourse | discourse | discourse | Low | 2.7 | 2023-04-18 20:40:14 |
| CVE-2023-28112 | Discourse's SSRF protection missing for some FastImage requests | discourse | discourse | Medium | 5.9 | 2023-03-17 18:35:08 |
| CVE-2023-28111 | Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses | discourse | discourse | Medium | 5.7 | 2023-03-17 17:00:04 |
| CVE-2023-28107 | Discourse vulnerable to multisite DoS by spamming backups | discourse | discourse | Medium | 4.5 | 2023-03-17 16:23:31 |
| CVE-2023-25172 | Discourse vulnerable to Cross-site Scripting - user name displayed on post | discourse | discourse | Medium | 4.4 | 2023-03-17 16:07:28 |
| CVE-2023-26040 | Discourse chat messages susceptible to Cross-site Scripting through chat excerpts | discourse | discourse | Medium | 6.5 | 2023-03-17 14:45:36 |
| CVE-2023-23622 | Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users | discourse | discourse | Medium | 4.3 | 2023-03-17 14:17:17 |
| CVE-2023-23935 | Presence of restricted personal Discourse messages may be leaked if tagged with a tag | discourse | discourse | Low | 3.5 | 2023-03-16 20:21:14 |
| CVE-2023-25169 | Yearly Review Plugin leaking anonymised users data in discourse-yearly-review | discourse | discourse-yearly-review | Low | 3.1 | 2023-03-06 17:40:46 |
| CVE-2023-25819 | Discourse tags with no visibility are leaking into og:article:tag | discourse | discourse | Medium | 5.3 | 2023-03-04 00:11:16 |
| CVE-2023-25167 | Regular expression denial of service via installing themes via git in discourse | discourse | discourse | Medium | 6.5 | 2023-02-08 19:32:00 |
| CVE-2023-23615 | Malicious users in Discourse can create spam topics as any user due to improper access control | discourse | discourse | Medium | 5.3 | 2023-02-03 21:57:30 |
| CVE-2023-23624 | Discourse's exclude_tags param could leak which topics had a specific hidden tag | discourse | discourse | Medium | 4.3 | 2023-01-27 23:35:10 |
| CVE-2023-23621 | Discourse vulnerable to ReDoS in user agent parsing | discourse | discourse | High | 8.6 | 2023-01-27 23:31:06 |
| CVE-2023-22740 | Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts | discourse | discourse | Medium | 4.3 | 2023-01-27 00:39:53 |
| CVE-2023-23616 | Discourse membership requests lack character limit | discourse | discourse | Low | 3.5 | 2023-01-27 00:00:00 |