diff --git a/models/issues/issue_search.go b/models/issues/issue_search.go
index 529f0c15d4..fbfcd3529a 100644
--- a/models/issues/issue_search.go
+++ b/models/issues/issue_search.go
@@ -460,7 +460,7 @@ func applySubscribedCondition(sess *xorm.Session, subscriberID int64) {
 ),
 builder.Eq{"issue.poster_id": subscriberID},
 builder.In("issue.repo_id", builder.
- Select("id").
+ Select("repo_id").
 From("watch").
 Where(builder.And(builder.Eq{"user_id": subscriberID},
 builder.In("mode", repo_model.WatchModeNormal, repo_model.WatchModeAuto))),
diff --git a/models/issues/issue_test.go b/models/issues/issue_test.go
index 8f40d3bdd9..21f483b391 100644
--- a/models/issues/issue_test.go
+++ b/models/issues/issue_test.go
@@ -211,6 +211,30 @@ func TestIssues(t *testing.T) {
 },
 []int64{2},
 },
+ {
+ issues_model.IssuesOptions{
+ SubscriberID: 11,
+ },
+ []int64{11, 5, 9, 8, 3, 2, 1},
+ },
+ {
+ issues_model.IssuesOptions{
+ SubscriberID: 4,
+ },
+ []int64{11, 5, 7, 4, 3, 2, 1},
+ },
+ {
+ issues_model.IssuesOptions{
+ SubscriberID: 1,
+ },
+ []int64{11, 6, 5, 3, 2, 1},
+ },
+ {
+ issues_model.IssuesOptions{
+ SubscriberID: 8,
+ },
+ []int64{},
+ },
 } {
 issues, err := issues_model.Issues(db.DefaultContext, &test.Opts)
 require.NoError(t, err)
diff --git a/release-notes/9362.md b/release-notes/9362.md
new file mode 100644
index 0000000000..f72f2eba10
--- /dev/null
+++ b/release-notes/9362.md
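Review bot: The corrected subquery in applySubscribedCondition carries no comment saying why the column must be `repo_id`, and the old `Select("id")` read plausibly enough to pass review once already. I would add above the `builder.In("issue.repo_id", builder.` line: `// watch.id is the watch row's own key; the subquery must yield watch.repo_id to compare against issue.repo_id`. Qualifying the column as `Select("watch.repo_id")` would also make the intent explicit. Separately, the condition as visible here selects by subscription only; whether a repository read-access filter is applied elsewhere cannot be seen because the function body starts and ends outside the hunk, and it is worth confirming given that the release note describes titles from private repositories being shown.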
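Review bot: The four new `SubscriberID` cases do not say which fixture rows produce each expected list, so a reader cannot tell which case would have failed under the old `watch.id` comparison. I would add a comment before the first case, e.g. `// regression: subscribed issues must match watch.repo_id, not watch.id`, and one on the `SubscriberID: 8` case stating why it expects no issues. It may also be worth a case where a watch row's id numerically equals the id of a private repository the subscriber cannot read, if the fixtures do not already contain one; that cannot be determined from this hunk. The test table and the loop both extend outside the hunk.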
@@ -0,0 +1 @@
+Do not display the title of unsubscribed issues or pull requests in the notification web page . The title of some random issues or pull requests from repositories were accidentally displayed in the notifications of a user. It was a rare occurrence, caused by an incorrect comparison of two unrelated unique identifiers that are unlikely to match (the id of the notification and the id of a repository). If the issue or the pull request belonged to a private repository to which the user had no read access, only the title was leaked. The user was denied permission to view the issue or the pull request when clicking on the link displayed in the notifications web page.