
discourse — Vulnerabilities & Security Advisories (265)

Browse all 265 CVE security advisories affecting discourse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-46180 | Arbitrary HTML injection in discourse-mermaid-theme-component | discourse-mermaid-theme-component | CWE-74 | 5.0 | Medium | 2023-01-04 |
| CVE-2022-46159 | Any authenticated Discourse user can create an unlisted topic | discourse | CWE-770 | 4.3 | Medium | 2022-12-02 |
| CVE-2022-46162 | Discourse BBCode plugin vulnerable to arbitrary CSS injection | discourse-bbcode | CWE-74 | 8.8 | High | 2022-11-30 |
| CVE-2022-46148 | Discourse allows self-XSS through malicious composer message | discourse | CWE-79 | 7.1 | High | 2022-11-29 |
| CVE-2022-46150 | Discourse may allow exposure of hidden tags in the subject of notification emails | discourse | CWE-200 | 4.3 | Medium | 2022-11-29 |
| CVE-2022-41921 | Discourse chat messages should have a maximum character limit | discourse | CWE-20 | 3.5 | Low | 2022-11-28 |
| CVE-2022-41944 | Discourse users can see notifications for topics they no longer have access to | discourse | CWE-200 | 3.5 | Low | 2022-11-28 |
| CVE-2022-39385 | Users erroneously and transparently added to private messages in Discourse | discourse | CWE-200 | 6.5 | Medium | 2022-11-14 |
| CVE-2022-41913 | Discourse-calendar exposes members of hidden groups | discourse-calendar | CWE-200 | 4.3 | Medium | 2022-11-14 |
| CVE-2022-39241 | Possible Server-Side Request Forgery (SSRF) in webhooks | discourse | CWE-918 | 7.6 | High | 2022-11-02 |
| CVE-2022-39356 | Discourse user account takeover via email and invite link | discourse | CWE-285 | 8.9 | High | 2022-11-02 |
| CVE-2022-39378 | Displaying user badges can leak topic titles to users that have no access to the topic | discourse | CWE-200 | 5.3 | Medium | 2022-11-02 |
| CVE-2022-39355 | Discourse Patreon vulnerable to improper validation of email during Patreon authentication | discourse-patreon | CWE-287 | 9.1 | Critical | 2022-10-26 |
| CVE-2022-39270 | Arbitrary HTML injection in table-of-contents theme component in DiscoTOC | DiscoTOC | CWE-79 | 5.4 | Medium | 2022-10-06 |
| CVE-2022-39279 | Discourse-chat plugin susceptible to XSS in channel name and description | discourse-chat | CWE-79 | 4.3 | Medium | 2022-10-06 |
| CVE-2022-39232 | Discourse vulnerable to incomplete quote causing a topic to crash in the browser | discourse | CWE-20 | 6.5 | Medium | 2022-09-29 |
| CVE-2022-39226 | Discourse user profile location and website fields were not sufficiently length-limited | discourse | CWE-770 | 4.3 | Medium | 2022-09-29 |
| CVE-2022-36068 | Discourse moderators can edit themes via the API | discourse | CWE-862 | 7.2 | High | 2022-09-29 |
| CVE-2022-36066 | Discourse vulnerable to RCE via admins uploading maliciously zipped file | discourse | CWE-434 | 9.1 | Critical | 2022-09-29 |
| CVE-2022-36057 | Discourse-Chat Cross-Site Scripting issue for channel names and descriptions | discourse-chat | CWE-80 | 5.4 | Medium | 2022-09-06 |
| CVE-2022-31184 | Email activation route can be abused by spammers in Discourse | discourse | CWE-770 | 6.5 | Medium | 2022-08-01 |
| CVE-2022-31182 | Cache poisoning via maliciously-formed request in Discourse | discourse | CWE-404 | 5.3 | Medium | 2022-08-01 |
| CVE-2022-31096 | Invites restricted to an email or invite links restricted to an email domain may be bypassed under certain conditions in Discourse | discourse | CWE-281 | 5.7 | Medium | 2022-06-27 |
| CVE-2022-31095 | Exposure of Sensitive Information in discourse-chat | discourse-chat | CWE-200 | 4.3 | Medium | 2022-06-21 |
| CVE-2022-31060 | Banner topic data is exposed on login-required Discourse sites | discourse | CWE-200 | 5.3 | Medium | 2022-06-14 |
| CVE-2022-31059 | Discourse Calendar Event names susceptible to Cross-site Scripting | discourse-calendar | CWE-79 | 6.5 | Medium | 2022-06-14 |
| CVE-2022-31025 | Invite bypasses user approval in Discourse | discourse | CWE-285 | 2.6 | Low | 2022-06-03 |
| CVE-2022-24866 | Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign | discourse-assign | CWE-200 | 4.3 | Medium | 2022-04-26 |
| CVE-2022-24850 | Category group permissions leaked in Discourse | discourse | CWE-200 | 5.3 | Medium | 2022-04-14 |
| CVE-2022-24824 | Anonymous user cache poisoning in discourse | discourse | CWE-829 | 5.3 | Medium | 2022-04-14 |

The 30 entries shown above are ordered by publication date, newest first; the full index covers all 265 published CVE advisories associated with discourse. Each entry links to a detailed page with its CVSS score, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.
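As an added example (not code from this page or from the Discourse project), the script below turns the listing above into something a patch-management workflow can act on: it parses the rows into records, ranks everything at or above a CVSS threshold with core `discourse` advisories ahead of plugin and theme-component ones (core affects every install, a plugin only the installs that have it), and tabulates CWE classes per group so the two exposure surfaces can be compared. The pipe-separated sample rows are transcribed from the table above and are constructed input; the `Advisory` record, the core/plugin split and the 7.0 threshold are this example's own assumptions.

```python
"""Triage helper for a flat CVE listing.

Added example, not code from the page or from the Discourse project.
The rows in LISTING are transcribed from the Discourse advisory table into a
pipe-separated layout (constructed sample input); the Advisory record, the
core/plugin split and the CVSS threshold are this example's own choices.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

CORE_PRODUCT = "discourse"  # advisories against core apply to every install


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    product: str
    cwe: str
    cvss: float
    severity: str
    published: str

    @property
    def is_core(self) -> bool:
        return self.product == CORE_PRODUCT


# Transcribed from the listing above: cve|title|product|cwe|cvss|severity|published
LISTING = """\
CVE-2022-46180|Arbitrary HTML injection in discourse-mermaid-theme-component|discourse-mermaid-theme-component|CWE-74|5.0|Medium|2023-01-04
CVE-2022-46159|Any authenticated Discourse user can create an unlisted topic|discourse|CWE-770|4.3|Medium|2022-12-02
CVE-2022-46162|Discourse BBCode plugin vulnerable to arbitrary CSS injection|discourse-bbcode|CWE-74|8.8|High|2022-11-30
CVE-2022-46148|Discourse allows self-XSS through malicious composer message|discourse|CWE-79|7.1|High|2022-11-29
CVE-2022-46150|Discourse may allow exposure of hidden tags in the subject of notification emails|discourse|CWE-200|4.3|Medium|2022-11-29
CVE-2022-41921|Discourse chat messages should have a maximum character limit|discourse|CWE-20|3.5|Low|2022-11-28
CVE-2022-41944|Discourse users can see notifications for topics they no longer have access to|discourse|CWE-200|3.5|Low|2022-11-28
CVE-2022-39385|Users erroneously and transparently added to private messages in Discourse|discourse|CWE-200|6.5|Medium|2022-11-14
CVE-2022-41913|Discourse-calendar exposes members of hidden groups|discourse-calendar|CWE-200|4.3|Medium|2022-11-14
CVE-2022-39241|Possible Server-Side Request Forgery (SSRF) in webhooks|discourse|CWE-918|7.6|High|2022-11-02
CVE-2022-39356|Discourse user account takeover via email and invite link|discourse|CWE-285|8.9|High|2022-11-02
CVE-2022-39378|Displaying user badges can leak topic titles to users that have no access to the topic|discourse|CWE-200|5.3|Medium|2022-11-02
CVE-2022-39355|Discourse Patreon vulnerable to improper validation of email during Patreon authentication|discourse-patreon|CWE-287|9.1|Critical|2022-10-26
CVE-2022-39270|Arbitrary HTML injection in table-of-contents theme component in DiscoTOC|DiscoTOC|CWE-79|5.4|Medium|2022-10-06
CVE-2022-39279|Discourse-chat plugin susceptible to XSS in channel name and description|discourse-chat|CWE-79|4.3|Medium|2022-10-06
CVE-2022-39232|Discourse vulnerable to incomplete quote causing a topic to crash in the browser|discourse|CWE-20|6.5|Medium|2022-09-29
CVE-2022-39226|Discourse user profile location and website fields were not sufficiently length-limited|discourse|CWE-770|4.3|Medium|2022-09-29
CVE-2022-36068|Discourse moderators can edit themes via the API|discourse|CWE-862|7.2|High|2022-09-29
CVE-2022-36066|Discourse vulnerable to RCE via admins uploading maliciously zipped file|discourse|CWE-434|9.1|Critical|2022-09-29
CVE-2022-36057|Discourse-Chat Cross-Site Scripting issue for channel names and descriptions|discourse-chat|CWE-80|5.4|Medium|2022-09-06
CVE-2022-31184|Email activation route can be abused by spammers in Discourse|discourse|CWE-770|6.5|Medium|2022-08-01
CVE-2022-31182|Cache poisoning via maliciously-formed request in Discourse|discourse|CWE-404|5.3|Medium|2022-08-01
CVE-2022-31096|Invites restricted to an email or invite links restricted to an email domain may be bypassed under certain conditions in Discourse|discourse|CWE-281|5.7|Medium|2022-06-27
CVE-2022-31095|Exposure of Sensitive Information in discourse-chat|discourse-chat|CWE-200|4.3|Medium|2022-06-21
CVE-2022-31060|Banner topic data is exposed on login-required Discourse sites|discourse|CWE-200|5.3|Medium|2022-06-14
CVE-2022-31059|Discourse Calendar Event names susceptible to Cross-site Scripting|discourse-calendar|CWE-79|6.5|Medium|2022-06-14
CVE-2022-31025|Invite bypasses user approval in Discourse|discourse|CWE-285|2.6|Low|2022-06-03
CVE-2022-24866|Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign|discourse-assign|CWE-200|4.3|Medium|2022-04-26
CVE-2022-24850|Category group permissions leaked in Discourse|discourse|CWE-200|5.3|Medium|2022-04-14
CVE-2022-24824|Anonymous user cache poisoning in discourse|discourse|CWE-829|5.3|Medium|2022-04-14
"""


def parse_listing(text: str) -> list[Advisory]:
    """Parse pipe-separated rows; a malformed row raises instead of being silently dropped."""
    advisories = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("|")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        cve, title, product, cwe, cvss, severity, published = fields
        advisories.append(Advisory(cve, title, product, cwe, float(cvss), severity, published))
    return advisories


def triage(advisories: list[Advisory], min_cvss: float = 7.0) -> list[Advisory]:
    """Entries at or above the threshold, core first (every install is exposed),
    then plugins/theme components; within each group by descending CVSS."""
    urgent = [a for a in advisories if a.cvss >= min_cvss]
    return sorted(urgent, key=lambda a: (not a.is_core, -a.cvss, a.published))


def cwe_profile(advisories: list[Advisory]) -> dict[str, Counter]:
    """CWE counts split into 'core' and 'plugin' so the two surfaces can be compared."""
    profile: dict[str, Counter] = defaultdict(Counter)
    for a in advisories:
        profile["core" if a.is_core else "plugin"][a.cwe] += 1
    return dict(profile)


if __name__ == "__main__":
    advs = parse_listing(LISTING)
    for a in triage(advs):
        print(f"{a.cve}  {a.cvss:>4}  {a.severity:<8} {a.product:<34} {a.title}")
    for group, counts in cwe_profile(advs).items():
        print(group, counts.most_common(3))
```

Run as a script it prints the seven entries at or above 7.0 (the two core Critical/High items on top, the two plugin ones last) and the top CWE classes per group. The core/plugin ordering is a deliberate choice over raw CVSS: CVE-2022-39355 scores 9.1 but only matters on sites with discourse-patreon installed, whereas CVE-2022-36066 at the same score applies to every instance. The CWE profile makes visible that in this slice the plugin and theme-component advisories are dominated by HTML/CSS injection (CWE-74/79/80) while the core advisories cluster around information exposure (CWE-200).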