
Discourse — Vulnerabilities & Security Advisories (234)

All 234 CVE vulnerabilities found in Discourse, with AI-generated Chinese analysis, references, and POCs.

Vendor: discourse

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-38684 | Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions | CWE-770 | 5.3 | Medium | 2023-07-28 |
| CVE-2023-38498 | Discourse vulnerable to DoS via defer queue | CWE-400 | 4.3 | Medium | 2023-07-28 |
| CVE-2023-37906 | Discourse vulnerable to DoS via post edit reason | CWE-770 | 4.3 | Medium | 2023-07-28 |
| CVE-2023-37904 | Discourse Race Condition in Accept Invite | CWE-362 | 2.6 | Low | 2023-07-28 |
| CVE-2023-37467 | Discourse CSP nonce reuse vulnerability for anonymous users | CWE-323 | 6.8 | Medium | 2023-07-28 |
| CVE-2023-36818 | Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse | CWE-400 | 6.5 | Medium | 2023-07-14 |
| CVE-2023-36466 | Topic Title Validation Skipped When Changing Category in Discourse | CWE-20 | 3.5 | Low | 2023-07-14 |
| CVE-2023-36473 | CSP nonce reuse vulnerability in Discourse | CWE-79 | 6.8 | Medium | 2023-07-13 |
| CVE-2023-34250 | Discourse vulnerable to exposure of number of topics recently created in private categories | CWE-200 | 4.8 | Medium | 2023-06-13 |
| CVE-2023-32301 | Discourse's canonical url not being used for topic embeddings | CWE-116 | 3.1 | Low | 2023-06-13 |
| CVE-2023-32061 | Discourse Topic Creation Page Allows iFrame Tag without Restrictions | CWE-863 | 5.4 | Medium | 2023-06-13 |
| CVE-2023-31142 | Discourse's general category permissions could be set back to default | CWE-732 | 2.0 | Low | 2023-06-13 |
| CVE-2023-30606 | Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse | CWE-732 | 4.2 | Medium | 2023-04-18 |
| CVE-2023-30538 | Stored Cross-site Scripting via improper sanitization of svg files in Discourse | CWE-79 | 5.4 | Medium | 2023-04-18 |
| CVE-2023-29196 | HTML injection via topic embedding in Discourse | CWE-79 | 4.2 | Medium | 2023-04-18 |
| CVE-2023-28440 | Denial of service via admin theme import route in Discourse | CWE-400 | 2.7 | Low | 2023-04-18 |
| CVE-2023-28112 | Discourse's SSRF protection missing for some FastImage requests | CWE-918 | 5.9 | Medium | 2023-03-17 |
| CVE-2023-28111 | Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses | CWE-918 | 5.7 | Medium | 2023-03-17 |
| CVE-2023-28107 | Discourse vulnerable to multisite DoS by spamming backups | CWE-770 | 4.5 | Medium | 2023-03-17 |
| CVE-2023-25172 | Discourse vulnerable to Cross-site Scripting - user name displayed on post | CWE-79 | 4.4 | Medium | 2023-03-17 |
| CVE-2023-26040 | Discourse chat messages susceptible to Cross-site Scripting through chat excerpts | CWE-79 | 6.5 | Medium | 2023-03-17 |
| CVE-2023-23622 | Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users | CWE-200 | 4.3 | Medium | 2023-03-17 |
| CVE-2023-23935 | Presence of restricted personal Discourse messages may be leaked if tagged with a tag | CWE-200 | 3.5 | Low | 2023-03-16 |
| CVE-2023-25819 | Discourse tags with no visibility are leaking into og:article:tag | CWE-359 | 5.3 | Medium | 2023-03-04 |
| CVE-2023-25167 | Regular expression denial of service via installing themes via git in discourse | CWE-1333 | 6.5 | Medium | 2023-02-08 |
| CVE-2023-23615 | Malicious users in Discourse can create spam topics as any user due to improper access control | CWE-284 | 5.3 | Medium | 2023-02-03 |
| CVE-2023-23624 | Discourse's exclude_tags param could leak which topics had a specific hidden tag | CWE-200 | 4.3 | Medium | 2023-01-27 |
| CVE-2023-23621 | Discourse vulnerable to ReDoS in user agent parsing | CWE-1333 | 8.6 | High | 2023-01-27 |
| CVE-2023-22740 | Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts | CWE-770 | 4.3 | Medium | 2023-01-27 |
| CVE-2023-23616 | Discourse membership requests lack character limit | CWE-400 | 3.5 | Low | 2023-01-27 |
