https://db.gcve.eu/sightings/feed 2026-06-05T18:27:59.762635+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/1175174d-d37f-41f7-b1b9-262f2b63b43a/export 2026-06-05T18:28:00.121801+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "1175174d-d37f-41f7-b1b9-262f2b63b43a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46180", "type": "seen", "source": "https://t.me/cibsecurity/55911", "content": "\u203c CVE-2022-46180 \u203c\n\nDiscourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T20:18:21.000000Z"} 2023-01-04T20:18:21+00:00 https://db.gcve.eu/sighting/70be1cd9-05d0-4888-b623-b75259512ae5/export 2026-06-05T18:28:00.120595+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "70be1cd9-05d0-4888-b623-b75259512ae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46180", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7064", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46180\n\ud83d\udd25 CVSS Score: 5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.\n\ud83d\udccf Published: 2023-01-04T16:44:54.487Z\n\ud83d\udccf Modified: 2025-03-10T21:32:39.201Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse-mermaid-theme-component/security/advisories/GHSA-8437-hgcm-p3q3\n2. https://github.com/discourse/discourse-mermaid-theme-component/pull/14\n3. https://github.com/discourse/discourse-mermaid-theme-component/commit/c10bc4a08bf865cee20e5d5dffba535762813f0f", "creation_timestamp": "2025-03-10T21:39:19.000000Z"} 2025-03-10T21:39:19+00:00