discourse — Vulnerabilities & Security Advisories 234

All 234 CVE vulnerabilities found in discourse, with AI-generated Chinese analysis, references, and POCs.

Vendor: discourse

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-24824 | Anonymous user cache poisoning in discourse | CWE-829 | 5.3 | Medium | 2022-04-14 |
| CVE-2022-24804 | Private group name exposure in discourse | CWE-200 | 5.3 | Medium | 2022-04-11 |
| CVE-2022-24782 | Secure category names leaked via user activity export in Discourse | CWE-200 | 4.3 | Medium | 2022-03-24 |
| CVE-2022-23641 | Denial of Service in Discourse | CWE-835 | 6.5 | Medium | 2022-02-15 |
| CVE-2022-21677 | Group advanced search option may leak group and group's members visibility | CWE-200 | 4.3 | Medium | 2022-01-14 |
| CVE-2022-21684 | User can bypass approval when invited to Discourse | CWE-287 | 4.3 | Medium | 2022-01-13 |
| CVE-2022-21678 | User's bio visible even if profile is restricted in Discourse | CWE-200 | 4.3 | Medium | 2022-01-13 |
| CVE-2022-21642 | Exposure of whisper participants in discourse | CWE-200 | 4.3 | Medium | 2022-01-05 |
| CVE-2021-43850 | Denial of Service in discourse | CWE-20 | 6.8 | Medium | 2022-01-04 |
| CVE-2021-43793 | Bypass of Poll voting limits in Discourse | CWE-269 | 4.3 | Medium | 2021-12-01 |
| CVE-2021-43794 | Anonymous user cache poisoning via development-mode header in Discourse | CWE-610 | 5.3 | Medium | 2021-12-01 |
| CVE-2021-43792 | Notifications leak in Discourse | CWE-200 | 4.3 | Medium | 2021-12-01 |
| CVE-2021-41271 | Cache poisoning via maliciously-formed request in discourse | CWE-200 | 4.8 | Medium | 2021-11-15 |
| CVE-2021-41163 | RCE via malicious SNS subscription payload | CWE-74 | 10.0 | Critical | 2021-10-20 |
| CVE-2021-41095 | XSS via blocked watched word in error message | CWE-79 | 4.2 | Medium | 2021-09-27 |
| CVE-2021-41082 | Private message title and participating users leaked in discourse | CWE-200 | 7.5 | High | 2021-09-20 |
| CVE-2021-39161 | Cross-site scripting via category name in Discourse | CWE-79 | 4.4 | Medium | 2021-08-26 |
| CVE-2021-37703 | Information exposure in Discourse | CWE-200 | 4.3 | Medium | 2021-08-13 |
| CVE-2021-37693 | Re-use of email tokens in Discourse | CWE-640 | 5.3 | Medium | 2021-08-13 |
| CVE-2021-37633 | XSS via d-popover and d-html-popover attribute | CWE-79 | 7.4 | High | 2021-08-09 |
| CVE-2021-32788 | Post creator of a whisper post can be revealed to non-staff users in Discourse | CWE-668 | 4.3 | Medium | 2021-07-27 |
| CVE-2021-32764 | YouTube Onebox susceptible to XSS | CWE-79 | 8.1 | High | 2021-07-15 |
| CVE-2019-1020018 | Discourse authorization issue vulnerability | | 5.3 | - | 2019-07-29 |
| CVE-2019-1020017 | Discourse access control error vulnerability | | 5.3 | - | 2019-07-29 |

All 234 known CVE vulnerabilities affecting discourse with full Chinese analysis, references, and POCs where available.