Discourse — Vulnerabilities & Security Advisories (265)

Browse all 265 CVE security advisories affecting Discourse. Each vulnerability comes with an AI-generated Chinese analysis, PoCs where available, and references.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-46130 | Bypassing height value allowed in some theme components | discourse | CWE-770 | 4.3 | Medium | 2023-11-10 |
| CVE-2023-45816 | Unread bookmark reminder notifications that the user cannot access can be seen | discourse | CWE-200 | 3.3 | Low | 2023-11-10 |
| CVE-2023-45806 | Discourse vulnerable to DoS via Regexp Injection in Full Name | discourse | CWE-1333 | 4.3 | Medium | 2023-11-10 |
| CVE-2023-43658 | Improper escaping of user input in discourse-calendar | discourse-calendar | CWE-79 | 8.0 | High | 2023-10-16 |
| CVE-2023-45131 | Unauthenticated access to new private chat messages in Discourse | discourse | CWE-200 | 7.5 | High | 2023-10-16 |
| CVE-2023-44391 | Prevent unauthorized access to summary details in Discourse | discourse | CWE-200 | 5.3 | Medium | 2023-10-16 |
| CVE-2023-44388 | Malicious requests can fill up the log files resulting in a denial of service in Discourse | discourse | CWE-400 | 7.5 | High | 2023-10-16 |
| CVE-2023-43814 | Exposure of poll options and votes to unauthorized users in Discourse | discourse | CWE-200 | 3.7 | Low | 2023-10-16 |
| CVE-2023-43659 | Cross-site Scripting via email preview when CSP disabled in Discourse | discourse | CWE-79 | 8.0 | High | 2023-10-16 |
| CVE-2023-45147 | Arbitrary keys can be added to a topic's custom fields by any user in Discourse | discourse | CWE-200 | 4.9 | Medium | 2023-10-16 |
| CVE-2023-44384 | Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location | discourse-jira | CWE-691 | 4.1 | Medium | 2023-10-06 |
| CVE-2023-43657 | Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration | discourse-encrypt | CWE-79 | 7.2 | High | 2023-09-28 |
| CVE-2023-41043 | Discourse DoS via SvgSprite cache | discourse | CWE-770 | 6.5 | Medium | 2023-09-15 |
| CVE-2023-41042 | Discourse DoS via remote theme assets | discourse | CWE-770 | 4.9 | Medium | 2023-09-15 |
| CVE-2023-40588 | Discourse DoS via 2FA and Security Key Names | discourse | CWE-770 | 6.5 | Medium | 2023-09-15 |
| CVE-2023-38706 | Discourse vulnerable to DoS via drafts | discourse | CWE-770 | 6.5 | Medium | 2023-09-15 |
| CVE-2023-38685 | Discourse's restricted tag information visible to unauthenticated users | discourse | CWE-200 | 4.3 | Medium | 2023-07-28 |
| CVE-2023-38684 | Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions | discourse | CWE-770 | 5.3 | Medium | 2023-07-28 |
| CVE-2023-38498 | Discourse vulnerable to DoS via defer queue | discourse | CWE-400 | 4.3 | Medium | 2023-07-28 |
| CVE-2023-37906 | Discourse vulnerable to DoS via post edit reason | discourse | CWE-770 | 4.3 | Medium | 2023-07-28 |
| CVE-2023-37904 | Discourse Race Condition in Accept Invite | discourse | CWE-362 | 2.6 | Low | 2023-07-28 |
| CVE-2023-37467 | Discourse CSP nonce reuse vulnerability for anonymous users | discourse | CWE-323 | 6.8 | Medium | 2023-07-28 |
| CVE-2023-36818 | Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse | discourse | CWE-400 | 6.5 | Medium | 2023-07-14 |
| CVE-2023-36466 | Topic Title Validation Skipped When Changing Category in Discourse | discourse | CWE-20 | 3.5 | Low | 2023-07-14 |
| CVE-2023-36473 | CSP nonce reuse vulnerability in Discourse | discourse | CWE-79 | 6.8 | Medium | 2023-07-13 |
| CVE-2023-34250 | Discourse vulnerable to exposure of number of topics recently created in private categories | discourse | CWE-200 | 4.8 | Medium | 2023-06-13 |
| CVE-2023-32301 | Discourse's canonical url not being used for topic embeddings | discourse | CWE-116 | 3.1 | Low | 2023-06-13 |
| CVE-2023-32061 | Discourse Topic Creation Page Allows iFrame Tag without Restrictions | discourse | CWE-863 | 5.4 | Medium | 2023-06-13 |
| CVE-2023-31142 | Discourse's general category permissions could be set back to default | discourse | CWE-732 | 2.0 | Low | 2023-06-13 |
| CVE-2023-30611 | Reaction metadata exposed in private topics in Discourse-reactions | discourse-reactions | CWE-200 | 4.3 | Medium | 2023-04-19 |

This page lists every published CVE security advisory associated with Discourse and its official plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. An AI-generated Chinese analysis is provided for each advisory to speed up triage.