
Discourse — Vulnerabilities & Security Advisories (265)

Browse all 265 CVE security advisories affecting Discourse. Each entry carries an AI-generated Chinese analysis, PoCs where available, and references for the vulnerability.

CVE ID | Title | Component | CWE | CVSS | Severity | Published
CVE-2023-30606 | Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse | discourse | CWE-732 | 4.2 | Medium | 2023-04-18
CVE-2023-30538 | Stored Cross-site Scripting via improper sanitization of svg files in Discourse | discourse | CWE-79 | 5.4 | Medium | 2023-04-18
CVE-2023-29196 | HTML injection via topic embedding in Discourse | discourse | CWE-79 | 4.2 | Medium | 2023-04-18
CVE-2023-28440 | Denial of service via admin theme import route in Discourse | discourse | CWE-400 | 2.7 | Low | 2023-04-18
CVE-2023-28112 | Discourse's SSRF protection missing for some FastImage requests | discourse | CWE-918 | 5.9 | Medium | 2023-03-17
CVE-2023-28111 | Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses | discourse | CWE-918 | 5.7 | Medium | 2023-03-17
CVE-2023-28107 | Discourse vulnerable to multisite DoS by spamming backups | discourse | CWE-770 | 4.5 | Medium | 2023-03-17
CVE-2023-25172 | Discourse vulnerable to Cross-site Scripting - user name displayed on post | discourse | CWE-79 | 4.4 | Medium | 2023-03-17
CVE-2023-26040 | Discourse chat messages susceptible to Cross-site Scripting through chat excerpts | discourse | CWE-79 | 6.5 | Medium | 2023-03-17
CVE-2023-23622 | Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users | discourse | CWE-200 | 4.3 | Medium | 2023-03-17
CVE-2023-23935 | Presence of restricted personal Discourse messages may be leaked if tagged with a tag | discourse | CWE-200 | 3.5 | Low | 2023-03-16
CVE-2023-25169 | Yearly Review Plugin leaking anonymised users data in discourse-yearly-review | discourse-yearly-review | CWE-200 | 3.1 | Low | 2023-03-06
CVE-2023-25819 | Discourse tags with no visibility are leaking into og:article:tag | discourse | CWE-359 | 5.3 | Medium | 2023-03-04
CVE-2023-25167 | Regular expression denial of service via installing themes via git in discourse | discourse | CWE-1333 | 6.5 | Medium | 2023-02-08
CVE-2023-23615 | Malicious users in Discourse can create spam topics as any user due to improper access control | discourse | CWE-284 | 5.3 | Medium | 2023-02-03
CVE-2023-23624 | Discourse's exclude_tags param could leak which topics had a specific hidden tag | discourse | CWE-200 | 4.3 | Medium | 2023-01-27
CVE-2023-23621 | Discourse vulnerable to ReDoS in user agent parsing | discourse | CWE-1333 | 8.6 | High | 2023-01-27
CVE-2023-22740 | Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts | discourse | CWE-770 | 4.3 | Medium | 2023-01-27
CVE-2023-23616 | Discourse membership requests lack character limit | discourse | CWE-400 | 3.5 | Low | 2023-01-27
CVE-2023-23620 | Discourse restricted tag routes leak topic information | discourse | CWE-200 | 5.3 | Medium | 2023-01-27
CVE-2023-22739 | Discourse subject to Allocation of Resources Without Limits or Throttling | discourse | CWE-770 | 6.5 | Medium | 2023-01-26
CVE-2023-22468 | Discourse vulnerable to Cross-site Scripting in local oneboxes | discourse | CWE-79 | 8.8 | High | 2023-01-26
CVE-2023-22455 | Discourse vulnerable to Cross-site Scripting through tag descriptions | discourse | CWE-79 | 6.8 | Medium | 2023-01-05
CVE-2023-22454 | Discourse vulnerable to Cross-site Scripting through pending post titles descriptions | discourse | CWE-79 | 8.0 | High | 2023-01-05
CVE-2023-22453 | Discourse vulnerable to exposure of user post counts per topic to unauthorized users | discourse | CWE-200 | 5.3 | Medium | 2023-01-05
CVE-2022-46177 | Discourse password reset link can lead to account takeover if user changes to a new email | discourse | CWE-613 | 5.7 | Medium | 2023-01-05
CVE-2022-23546 | Discourse vulnerable to private topic leak via email#send_digest | discourse | CWE-200 | 5.5 | Medium | 2023-01-05
CVE-2022-46168 | Group SMTP user emails are exposed in CC email header | discourse | CWE-359 | 3.5 | Low | 2023-01-05
CVE-2022-23548 | Discourse cross-site scripting vulnerability | discourse | CWE-1333 | 6.5 | Medium | 2023-01-05
CVE-2022-23549 | Discourse vulnerable to bypass of post max_length using HTML comments | discourse | CWE-20 | 5.7 | Medium | 2023-01-05

This index covers all 265 published CVE security advisories associated with Discourse; the table above shows the 30 most recently published entries. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.
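The CVE-2023-28111 row above names a common SSRF-guard failure: a destination check that recognises 127.0.0.1 but not its IPv4-mapped IPv6 spelling ::ffff:127.0.0.1. The following is an added illustration of that bug class and of the normalisation that closes it; it is not Discourse's code or its actual fix. The names BLOCKED_RANGES, in_range?, naive_blocked? and hardened_blocked? are invented for this example, and the range list is a constructed, deliberately minimal set of loopback, link-local and private prefixes rather than a complete deny list.

```ruby
require "ipaddr"

# Constructed deny list (not exhaustive): loopback, link-local and
# private prefixes for both address families.
BLOCKED_RANGES = %w[
  0.0.0.0/8
  10.0.0.0/8
  127.0.0.0/8
  169.254.0.0/16
  172.16.0.0/12
  192.168.0.0/16
  ::1/128
  fc00::/7
  fe80::/10
].map { |cidr| IPAddr.new(cidr) }

# True if +ip+ lies inside +range+. The family comparison is explicit so
# the result does not depend on how a given ipaddr version treats mixed
# IPv4/IPv6 comparisons.
def in_range?(range, ip)
  range.family == ip.family && range.include?(ip)
end

# Weak guard: "::ffff:127.0.0.1" parses as an IPv6 address, so it is only
# compared against the IPv6 ranges and 127.0.0.0/8 never matches it.
def naive_blocked?(ip_str)
  ip = IPAddr.new(ip_str)
  BLOCKED_RANGES.any? { |range| in_range?(range, ip) }
end

# Hardened guard: collapse an IPv4-mapped IPv6 address to its IPv4 form
# (IPAddr#native) before matching, so both spellings of the same host are
# judged by the same IPv4 rules.
def hardened_blocked?(ip_str)
  ip = IPAddr.new(ip_str)
  ip = ip.native if ip.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| in_range?(range, ip) }
end

if __FILE__ == $0
  # 203.0.113.10 and 2001:db8::1 are documentation addresses used as
  # constructed "public" destinations.
  %w[127.0.0.1 ::ffff:127.0.0.1 ::ffff:7f00:1 ::1 203.0.113.10 2001:db8::1].each do |addr|
    puts "#{addr.ljust(18)} naive=#{naive_blocked?(addr)} hardened=#{hardened_blocked?(addr)}"
  end
end
```

Normalising the literal is only one part of a destination check: a guard that starts from a hostname also has to resolve it and apply the same test to every address the resolver returns (A and AAAA records alike), and to repeat the check on each redirect target, otherwise the bypass simply moves to the DNS layer.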