| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2022-39241 | Possible Server-Side Request Forgery (SSRF) in webhooks | discourse | discourse | High | 7.6 | 2022-11-02 00:00:00 |
| CVE-2022-39356 | Discourse user account takeover via email and invite link | discourse | discourse | High | 8.9 | 2022-11-02 00:00:00 |
| CVE-2022-39378 | Displaying user badges can leak topic titles to users that have no access to the topic | discourse | discourse | Medium | 5.3 | 2022-11-02 00:00:00 |
| CVE-2022-39355 | Discourse Patreon vulnerable to improper validation of email during Patreon authentication | discourse | discourse-patreon | Critical | 9.1 | 2022-10-26 00:00:00 |
| CVE-2022-39270 | Arbitrary HTML injection in table-of-contents theme component in DiscoTOC | discourse | DiscoTOC | Medium | 5.4 | 2022-10-06 00:00:00 |
| CVE-2022-39279 | Discourse-chat plugin susceptible to XSS in channel name and description | discourse | discourse-chat | Medium | 4.3 | 2022-10-06 00:00:00 |
| CVE-2022-39232 | Discourse vulnerable to incomplete quote causing a topic to crash in the browser | discourse | discourse | Medium | 6.5 | 2022-09-29 20:15:14 |
| CVE-2022-39226 | Discourse user profile location and website fields were not sufficiently length-limited | discourse | discourse | Medium | 4.3 | 2022-09-29 20:05:11 |
| CVE-2022-36068 | Discourse moderators can edit themes via the API | discourse | discourse | High | 7.2 | 2022-09-29 19:45:13 |
| CVE-2022-36066 | Discourse vulnerable to RCE via admins uploading maliciously zipped file | discourse | discourse | Critical | 9.1 | 2022-09-29 19:35:09 |
| CVE-2022-36057 | Discourse-Chat Cross-Site Scripting issue for channel names and descriptions | discourse | discourse-chat | Medium | 5.4 | 2022-09-06 19:30:14 |
| CVE-2022-31184 | Email activation route can be abused by spammers in Discourse | discourse | discourse | Medium | 6.5 | 2022-08-01 19:40:30 |
| CVE-2022-31182 | Cache poisoning via maliciously-formed request in Discourse | discourse | discourse | Medium | 5.3 | 2022-08-01 19:40:10 |
| CVE-2022-31096 | Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse | discourse | discourse | Medium | 5.7 | 2022-06-27 21:35:10 |
| CVE-2022-31095 | Exposure of Sensitive Information in discourse-chat | discourse | discourse-chat | Medium | 4.3 | 2022-06-21 19:00:17 |
| CVE-2022-31060 | Banner topic data is exposed on login-required Discourse sites | discourse | discourse | Medium | 5.3 | 2022-06-14 20:15:17 |
| CVE-2022-31059 | Discourse Calendar Event names susceptible to Cross-site Scripting | discourse | discourse-calendar | Medium | 6.5 | 2022-06-14 19:55:10 |
| CVE-2022-31025 | Invite bypasses user approval in Discourse | discourse | discourse | Low | 2.6 | 2022-06-03 14:35:12 |
| CVE-2022-24866 | Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign | discourse | discourse-assign | Medium | 4.3 | 2022-04-26 18:45:12 |
| CVE-2022-24850 | Category group permissions leaked in Discourse | discourse | discourse | Medium | 5.3 | 2022-04-14 21:25:09 |