| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-66488 | Discourse allows script execution in uploaded HTML/XML files on S3 | discourse | discourse | Medium | 4.6 | 2026-01-28 18:15:53 | Deep Dive |
| CVE-2025-64528 | Users are able to find users by name even when `enable_names` is off | discourse | discourse | Medium | - | 2025-12-30 16:04:10 | Deep Dive |
| CVE-2025-11983 | WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure | scossar | WP Discourse | Medium | 4.3 | 2025-11-01 05:40:23 | Deep Dive |
| CVE-2025-61598 | Discourse is missing Cache-Control response header on error responses | discourse | discourse | - | - | 2025-10-28 20:38:55 | Deep Dive |
| CVE-2025-59337 | Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments | discourse | discourse | - | - | 2025-10-01 20:41:46 | Deep Dive |
| CVE-2025-58055 | Discourse AI Suggestions Contain Insecure Direct Object Reference | discourse | discourse | Medium | 4.3 | 2025-10-01 18:48:56 | Deep Dive |
| CVE-2025-58054 | Discourse is vulnerable to XSS when quoting chat messages | discourse | discourse | Low | 3.5 | 2025-10-01 18:42:55 | Deep Dive |
| CVE-2025-54411 | Discourse welcome banner user name XSS | discourse | discourse | - | - | 2025-08-19 16:41:40 | Deep Dive |
| CVE-2025-53102 | Discourse's WebAuthn challenge isn't cleared from user session after authentication | discourse | discourse | - | - | 2025-07-29 19:24:06 | Deep Dive |
| CVE-2025-49845 | Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers | discourse | discourse | - | - | 2025-06-25 15:39:01 | Deep Dive |
| CVE-2025-48954 | Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow | discourse | discourse | High | 8.1 | 2025-06-25 14:02:47 | Deep Dive |
| CVE-2025-48877 | Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe | discourse | discourse | - | - | 2025-06-09 12:36:30 | Deep Dive |
| CVE-2025-48062 | Discourse vulnerable to HTML injection when inviting to topic via email | discourse | discourse | High | 7.1 | 2025-06-09 12:33:58 | Deep Dive |
| CVE-2025-48053 | Discourse vulnerable to DoS via large URL payload in PM to a bot | discourse | discourse | - | - | 2025-06-09 12:30:34 | Deep Dive |
| CVE-2025-47288 | Discourse Policy plugin private group members visible | discourse | discourse-policy | Low | 3.5 | 2025-05-29 19:25:50 | Deep Dive |
| CVE-2025-46824 | Discourse Code Review Plugin vulnerable to XSS via auto link commits | discourse | discourse-code-review | Low | 3.1 | 2025-05-07 17:37:56 | Deep Dive |
| CVE-2025-46813 | Private data leak on login-required Discourse sites | discourse | discourse | Medium | 5.8 | 2025-05-05 20:03:46 | Deep Dive |
| CVE-2025-32376 | Discourse DM limits aren’t always properly enforced | discourse | discourse | - | - | 2025-04-30 14:55:21 | Deep Dive |
| CVE-2025-24972 | Discourse may bypass user preference when adding users to chat groups | discourse | discourse | Medium | 4.3 | 2025-03-26 14:15:13 | Deep Dive |
| CVE-2025-24808 | Discourse has race condition when adding users to a group DM | discourse | discourse | Medium | 4.3 | 2025-03-26 14:08:39 | Deep Dive |