
discourse — Vulnerabilities & Security Advisories 234

All 234 CVEs recorded for discourse, each with an AI-generated Chinese analysis, references, and a PoC where one is available.

Vendor: discourse

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-30891 | Discourse has Unauthorized Exposure of Private User Action Types | CWE-200 | 6.5 | - | 2026-03-20 |
| CVE-2026-30889 | Discourse has Unauthorized Post Data Exposure in discourse-user-notes | CWE-862 | 4.3 | - | 2026-03-20 |
| CVE-2026-30888 | Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint | CWE-269 | 2.2 | Low | 2026-03-20 |
| CVE-2026-33408 | Discourse has Improper Authorization in "Post Edits" Report For Moderators | CWE-862 | 2.2 | Low | 2026-03-19 |
| CVE-2026-33395 | Discourse has stored click-based XSS via Graphviz SVG javascript: links | CWE-79 | 4.4 | Medium | 2026-03-19 |
| CVE-2026-33394 | Discourse leaks PM post edits to moderators | CWE-200 | 2.7 | Low | 2026-03-19 |
| CVE-2026-33393 | Discourse fixes loose hostname matching in spam host allowlist | CWE-284 | 4.3 | Medium | 2026-03-19 |
| CVE-2026-33355 | Discourse filters whisper posts from private-posts feed | CWE-200 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-33410 | Discourse hardens chat DM channel creation and expansion | CWE-863 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-32099 | Discourse prevents hidden profile data leak via user onebox | CWE-200 | 4.3 | Medium | 2026-03-19 |
| CVE-2026-29072 | Discourse missing permission check for policy creation in discourse-policy | CWE-862 | 4.3 | - | 2026-03-19 |
| CVE-2026-28282 | Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin | CWE-863 | 6.5 | - | 2026-03-19 |
| CVE-2026-27936 | Discourse discloses restricted post-action counts to non-privileged users | CWE-863 | 4.3 | - | 2026-03-19 |
| CVE-2026-27935 | Discourse leaks private topic metadata to non-authorized users | CWE-201 | 4.3 | - | 2026-03-19 |
| CVE-2026-27934 | Discourse leaks private topic title and post excerpt via user action API endpoint | CWE-201 | 4.3 | - | 2026-03-19 |
| CVE-2026-27740 | Discourse has Stored XSS in AI Triage Automation | CWE-79 | 5.4 | - | 2026-03-19 |
| CVE-2026-27570 | Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox | CWE-79 | 5.4 | - | 2026-03-19 |
| CVE-2026-27491 | Discourse has a bypass of official warnings messages by non-staff users | CWE-862 | 4.3 | - | 2026-03-19 |
| CVE-2026-27454 | Discourse has check revision visibility on posts endpoint | CWE-862 | 5.3 | Medium | 2026-03-19 |
| CVE-2026-27166 | Discourse vulnerable to HTML injection via prohibited iframe URLs | CWE-80 | 4.1 | Medium | 2026-03-19 |
| CVE-2026-28227 | Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category | CWE-863 | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-28219 | Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners | CWE-915 | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-28218 | Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution | CWE-284 | 8.8 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-27154 | Discourse has XSS when editing a malicious post | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27153 | Discourse doesn't prevent moderators from exporting user Chat DMs | CWE-863 | 5.4 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27152 | Discourse has DM communication-preference bypass when adding members | CWE-284 | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27162 | Discourse doesn't prevent whispers from leaking in excerpts | CWE-200 | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27151 | Discourse doesn't validate destination topic when moving posts | CWE-862 | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27150 | Discourse doesn't ensure guardian check when creating QueryGroupBookmark | CWE-862 | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27149 | Discourse has SQL injection in PM tag filtering | CWE-89 | 6.5 (AI) | Medium (AI) | 2026-02-26 |

CVSS and Severity values marked (AI) carry the source page's AI badge; "-" means no severity rating is listed for that entry.
