| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-45147 | Arbitrary keys can be added to a topic's custom fields by any user in Discourse | discourse | discourse | Medium | 4.9 | 2023-10-16 20:26:25 | Deep Dive |
| CVE-2023-44384 | Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location | discourse | discourse-jira | Medium | 4.1 | 2023-10-06 17:15:58 | Deep Dive |
| CVE-2023-43657 | Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration | discourse | discourse-encrypt | High | 7.2 | 2023-09-28 18:04:27 | Deep Dive |
| CVE-2023-41043 | Discourse DoS via SvgSprite cache | discourse | discourse | Medium | 6.5 | 2023-09-15 19:27:59 | Deep Dive |
| CVE-2023-41042 | Discourse DoS via remote theme assets | discourse | discourse | Medium | 4.9 | 2023-09-15 19:26:43 | Deep Dive |
| CVE-2023-40588 | Discourse DoS via 2FA and Security Key Names | discourse | discourse | Medium | 6.5 | 2023-09-15 19:23:39 | Deep Dive |
| CVE-2023-38706 | Discourse vulnerable to DoS via drafts | discourse | discourse | Medium | 6.5 | 2023-09-15 19:22:08 | Deep Dive |
| CVE-2023-38685 | Discourse's restricted tag information visible to unauthenticated users | discourse | discourse | Medium | 4.3 | 2023-07-28 15:27:20 | Deep Dive |
| CVE-2023-38684 | Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions | discourse | discourse | Medium | 5.3 | 2023-07-28 15:25:41 | Deep Dive |
| CVE-2023-38498 | Discourse vulnerable to DoS via defer queue | discourse | discourse | Medium | 4.3 | 2023-07-28 15:18:19 | Deep Dive |
| CVE-2023-37906 | Discourse vulnerable to DoS via post edit reason | discourse | discourse | Medium | 4.3 | 2023-07-28 15:13:47 | Deep Dive |
| CVE-2023-37904 | Discourse Race Condition in Accept Invite | discourse | discourse | Low | 2.6 | 2023-07-28 15:09:08 | Deep Dive |
| CVE-2023-37467 | Discourse CSP nonce reuse vulnerability for anonymous users | discourse | discourse | Medium | 6.8 | 2023-07-28 14:42:06 | Deep Dive |
| CVE-2023-36818 | Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse | discourse | discourse | Medium | 6.5 | 2023-07-14 21:16:15 | Deep Dive |
| CVE-2023-36466 | Topic Title Validation Skipped When Changing Category in Discourse | discourse | discourse | Low | 3.5 | 2023-07-14 21:14:01 | Deep Dive |
| CVE-2023-36473 | CSP nonce reuse vulnerability in Discourse | discourse | discourse | Medium | 6.8 | 2023-07-13 20:57:51 | Deep Dive |
| CVE-2023-34250 | Discourse vulnerable to exposure of number of topics recently created in private categories | discourse | discourse | Medium | 4.8 | 2023-06-13 21:41:30 | Deep Dive |
| CVE-2023-32301 | Discourse's canonical url not being used for topic embeddings | discourse | discourse | Low | 3.1 | 2023-06-13 21:35:38 | Deep Dive |
| CVE-2023-32061 | Discourse Topic Creation Page Allows iFrame Tag without Restrictions | discourse | discourse | Medium | 5.4 | 2023-06-13 21:16:09 | Deep Dive |
| CVE-2023-31142 | Discourse's general category permissions could be set back to default | discourse | discourse | Low | 2.0 | 2023-06-13 21:12:48 | Deep Dive |