Unauthorized Discussion Creation in Giscus Commenting System by GitHub
CVE-2025-53532
5.3 MEDIUM
What is CVE-2025-53532?
Giscus, a commenting system backed by GitHub Discussions, had a flaw in its discussion-creation API that allowed unauthorized users to create discussions in repositories where Giscus is deployed. The flaw lies in the server-side component of Giscus, so it affects both the official hosted service at giscus.app and self-hosted instances: every installation running an unpatched build is exposed. The issue is fixed in commit c43af7806e65adfcf4d0feeebef76dc36c95cb9a; operators of self-hosted instances should deploy a build that includes that commit.
Affected Version(s)
giscus < c43af7806e65adfcf4d0feeebef76dc36c95cb9a
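Because the affected range is expressed as a commit hash rather than a release number, the practical check for a self-hosted instance is whether the fix commit is an ancestor of the deployed checkout. The script below is an added example written for this page, not code from the advisory or from the giscus project; the repository path passed to it is an assumption supplied by the caller, and the third result ("unknown") exists because a shallow or stale clone that has never fetched the fix commit cannot answer the question and must not be reported as "vulnerable".

```shell
#!/bin/sh
# Added example, not part of the advisory or of the giscus project.
# Reports whether a local giscus checkout already contains the fix commit
# named in the advisory's affected-version line.

FIX_COMMIT="c43af7806e65adfcf4d0feeebef76dc36c95cb9a"

# giscus_has_fix <repo-dir> [<commit>]
#   <repo-dir> is the path to the self-hosted giscus checkout (caller's assumption).
#   Exit status: 0 = fix is an ancestor of HEAD ("fixed")
#                1 = fix is not an ancestor of HEAD ("vulnerable")
#                2 = commit unknown to this clone (shallow/stale), result inconclusive
giscus_has_fix() {
    repo="$1"
    commit="${2:-$FIX_COMMIT}"

    # A clone that has never fetched the commit cannot be judged; say so
    # instead of emitting a misleading "vulnerable".
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "unknown: commit $commit not present in $repo (shallow or stale clone? run git fetch)"
        return 2
    fi

    # merge-base --is-ancestor exits 0 only when <commit> is reachable from HEAD.
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD; then
        echo "fixed: $repo contains $commit"
        return 0
    fi

    echo "vulnerable: $repo does not contain $commit"
    return 1
}

# Usage (the path is an assumption):
#   giscus_has_fix /srv/giscus
```

Run it against the checkout your container or service is built from, not against a fresh clone of upstream, since the question is what is deployed. A non-zero status from the "unknown" path should prompt a `git fetch` and a re-run rather than being treated as a pass.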