Medium severity5.3NVD Advisory· Published Jul 7, 2025· Updated Apr 15, 2026

CVE-2025-53532

Description

giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own self-hosted service. This vulnerability is fixed by the c43af7806e65adfcf4d0feeebef76dc36c95cb9a and 4b9745fe1a326ce08d69f8a388331bc993d19389 commits.

Patches

4b9745fe1a32

https://github.com/giscus/giscusvia osv

commit

c43af7806e65

https://github.com/giscus/giscusvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/giscus/giscus/commit/4b9745fe1a326ce08d69f8a388331bc993d19389nvd
github.com/giscus/giscus/commit/c43af7806e65adfcf4d0feeebef76dc36c95cb9anvd
github.com/giscus/giscus/security/advisories/GHSA-w6vg-v24f-4vm3nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000