CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Discourse: >> Discourse >> 2025.11.0 Security Vulnerabilities

CVE-2025-67723

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, the Discourse Math plugin can be disabled, or the Mathjax provider can be used instead of KaTeX.

CVSS Score

4.6

EPSS Score

0.0

Published

2026-01-28

CVE-2025-64528

Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when `enable_names` is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix.

CVSS Score

5.3

EPSS Score

0.0

Published

2025-12-30

Page 4

Vulnerabilities

Vulnerable Software

Discourse: >> Discourse >> 2025.11.0 Security Vulnerabilities

Products

Pricing

Contact Us