Vulnerability Database

309,469

Total vulnerabilities in the database

CVE-2025-46824

The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin.

Published: May 7, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-46824
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.1
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://github.com/discourse/discourse-code-review/commit/eed3a801f8fee217fe782212d8950eb1bd236e43
https://github.com/discourse/discourse-code-review/security/advisories/GHSA-358v-cwvc-gxh5
https://www.vicarius.io/vsociety/posts/cve-2025-46824-detect-discourse-plugin-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2025-46824-mitigate-discourse-plugin-vulnerability

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo