| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-23620 | Discourse restricted tag routes leak topic information | discourse | discourse | Medium | 5.3 | 2023-01-27 00:00:00 | Deep Dive |
| CVE-2023-22739 | Discourse subject to Allocation of Resources Without Limits or Throttling | discourse | discourse | Medium | 6.5 | 2023-01-26 08:45:38 | Deep Dive |
| CVE-2023-22468 | Discourse vulnerable to Cross-site Scripting in local oneboxes | discourse | discourse | High | 8.8 | 2023-01-26 08:31:00 | Deep Dive |
| CVE-2023-22455 | Discourse vulnerable to Cross-site Scripting through tag descriptions | discourse | discourse | Medium | 6.8 | 2023-01-05 20:02:41 | Deep Dive |
| CVE-2023-22454 | Discourse vulnerable to Cross-site Scripting through pending post titles descriptions | discourse | discourse | High | 8.0 | 2023-01-05 19:58:36 | Deep Dive |
| CVE-2023-22453 | Discourse vulnerable to exposure of user post counts per topic to unauthorized users | discourse | discourse | Medium | 5.3 | 2023-01-05 19:53:34 | Deep Dive |
| CVE-2022-46177 | Discourse password reset link can lead to account takeover if user changes to a new email | discourse | discourse | Medium | 5.7 | 2023-01-05 19:48:05 | Deep Dive |
| CVE-2022-23546 | Discourse vulnerable to private topic leak via email#send_digest | discourse | discourse | Medium | 5.5 | 2023-01-05 18:10:08 | Deep Dive |
| CVE-2022-46168 | Group SMTP user emails are exposed in CC email header | discourse | discourse | Low | 3.5 | 2023-01-05 17:18:58 | Deep Dive |
| CVE-2022-23548 | Discourse cross-site scripting vulnerability | discourse | discourse | Medium | 6.5 | 2023-01-05 00:00:00 | Deep Dive |
| CVE-2022-23549 | Discourse vulnerable to bypass of post max_length using HTML comments | discourse | discourse | Medium | 5.7 | 2023-01-05 00:00:00 | Deep Dive |
| CVE-2022-46180 | Arbitrary HTML injection in discourse-mermaid-theme-component | discourse | discourse-mermaid-theme-component | Medium | 5.0 | 2023-01-04 16:44:54 | Deep Dive |
| CVE-2022-46159 | Any authenticated Discourse user can create an unlisted topic | discourse | discourse | Medium | 4.3 | 2022-12-02 14:15:12 | Deep Dive |
| CVE-2022-46162 | Discourse BBCode plugin vulnerable to arbitrary CSS injection | discourse | discourse-bbcode | High | 8.8 | 2022-11-30 00:00:00 | Deep Dive |
| CVE-2022-46148 | Discourse allows self-XSS through malicious composer message | discourse | discourse | High | 7.1 | 2022-11-29 00:00:00 | Deep Dive |
| CVE-2022-46150 | Discourse may allow exposure of hidden tags in the subject of notification emails | discourse | discourse | Medium | 4.3 | 2022-11-29 00:00:00 | Deep Dive |
| CVE-2022-41921 | Discourse chat messages should have a maximum character limit | discourse | discourse | Low | 3.5 | 2022-11-28 00:00:00 | Deep Dive |
| CVE-2022-41944 | Discourse users can see notifications for topics they no longer have access to | discourse | discourse | Low | 3.5 | 2022-11-28 00:00:00 | Deep Dive |
| CVE-2022-39385 | Users erroneously and transparently added to private messages in Discourse | discourse | discourse | Medium | 6.5 | 2022-11-14 00:00:00 | Deep Dive |
| CVE-2022-41913 | Discourse-calendar exposes members of hidden groups | discourse | discourse-calendar | Medium | 4.3 | 2022-11-14 00:00:00 | Deep Dive |