
discourse — Vulnerabilities & Security Advisories (265)

Browse all 265 CVE security advisories affecting discourse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-43408 | Discourse Placeholder Forms has a XSS stopped by CSP | discourse-placeholder-theme-component | CWE-79 | 6.3 | Medium | 2024-08-20 |
| CVE-2024-39320 | Discourse allows iframe injection though default site setting | discourse | CWE-74 | 6.1 | Medium | 2024-07-30 |
| CVE-2024-37299 | Discourse vulnerable to DoS via Tag Group | discourse | CWE-400 | 4.9 | Medium | 2024-07-30 |
| CVE-2024-37165 | Discourse has an XSS via Onebox system | discourse | CWE-79 | 6.3 | Medium | 2024-07-30 |
| CVE-2024-38360 | Denial of service via Watched Words in Discourse | discourse | CWE-400 | 4.9 | Medium | 2024-07-15 |
| CVE-2024-37157 | Discourse vulnerable to Server-Side Request Forgery via FastImage | discourse | CWE-918 | 6.4 | Medium | 2024-07-03 |
| CVE-2024-36122 | Discourse doesn't limit reviewable user serializer payload | discourse | CWE-200 | 2.4 | Low | 2024-07-03 |
| CVE-2024-36113 | Discourse missing authorization checks for suspending admins/moderators | discourse | CWE-862 | 4.9 | Medium | 2024-07-03 |
| CVE-2024-35234 | Discourse vulnerable to stored-dom XSS via Facebook Oneboxes | discourse | CWE-79 | 4.2 | Medium | 2024-07-03 |
| CVE-2024-35227 | Discourse vulnerable to DoS through Onebox | discourse | CWE-20 | 7.5 | High | 2024-07-03 |
| CVE-2024-35168 | WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability | WP Discourse | CWE-862 | 4.3 | Medium | 2024-06-11 |
| CVE-2024-31219 | Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page | discourse-reactions | CWE-200 | 4.3 | Medium | 2024-04-15 |
| CVE-2024-27085 | Denial of service through invites in Discourse | discourse | CWE-400 | 6.5 | Medium | 2024-03-15 |
| CVE-2024-27100 | Denial of service via Staff Actions in Discourse | discourse | CWE-400 | 6.5 | Medium | 2024-03-15 |
| CVE-2024-28242 | Disclosure of the existence of secret categories with custom backgrounds in Discourse | discourse | CWE-200 | 5.3 | Medium | 2024-03-15 |
| CVE-2024-24748 | Disclosure of the existence of secret subcategories in Discourse | discourse | CWE-200 | 5.3 | Medium | 2024-03-15 |
| CVE-2024-24827 | No rate limits on POST /uploads endpoint in Discourse | discourse | CWE-400 | 5.3 | Medium | 2024-03-15 |
| CVE-2024-24817 | User can see invitees in events created in PMs and private categories | discourse-calendar | CWE-200 | 4.3 | Medium | 2024-02-22 |
| CVE-2024-23654 | discourse-ai admin-initiated SSRF when interacting with AI services | discourse-ai | CWE-918 | 4.1 | Medium | 2024-02-21 |
| CVE-2024-26145 | Uninvited user is able to join and mark the attendance of the the private event | discourse-calendar | CWE-863 | 6.5 | Medium | 2024-02-21 |
| CVE-2023-46241 | Potential account take over due to unverified emails from Microsoft Identity Platform | discourse-microsoft-auth | CWE-863 | 9.1 | Critical | 2024-02-21 |
| CVE-2024-24755 | discourse-group-membership-ip-block is exposing potentially sensitive custom fields | discourse-group-membership-ip-block | CWE-200 | 4.3 | Medium | 2024-02-01 |
| CVE-2024-23834 | Discourse improperly sanitized user input leads to XSS | discourse | CWE-79 | 6.3 | Medium | 2024-01-30 |
| CVE-2023-49099 | Discourse secure uploads accessible to guests even when login is required | discourse | CWE-284 | 3.1 | Low | 2024-01-12 |
| CVE-2024-21655 | Insufficient control of custom field value sizes | discourse | CWE-400 | 4.3 | Medium | 2024-01-12 |
| CVE-2023-49098 | Reaction data for user notifications exposed in Discourse-reactions | discourse-reactions | CWE-284 | 3.5 | Low | 2024-01-12 |
| CVE-2023-48297 | Discourse vulnerable to unlimited mentioned users in message serializer | discourse | CWE-400 | 8.6 | High | 2024-01-12 |
| CVE-2023-47121 | Discourse SSRF vulnerability in Embedding | discourse | CWE-918 | 3.4 | Low | 2023-11-10 |
| CVE-2023-47120 | Discourse DoS through Onebox favicon URL | discourse | CWE-770 | 7.5 | High | 2023-11-10 |
| CVE-2023-47119 | HTML injection in oneboxed links | discourse | CWE-74 | 5.3 | Medium | 2023-11-10 |

This page lists every published CVE security advisory associated with discourse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.