discourse — Vulnerabilities & Security Advisories 265

Browse all 265 CVE security advisories affecting discourse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-24804 | Private group name exposure in discourse | discourse | CWE-200 | 5.3 | Medium | 2022-04-11 |
| CVE-2022-24782 | Secure category names leaked via user activity export in Discourse | discourse | CWE-200 | 4.3 | Medium | 2022-03-24 |
| CVE-2022-23641 | Denial of Service in Discourse | discourse | CWE-835 | 6.5 | Medium | 2022-02-15 |
| CVE-2022-21677 | Group advanced search option may leak group and group's members visibility | discourse | CWE-200 | 4.3 | Medium | 2022-01-14 |
| CVE-2022-21684 | User can bypass approval when invited to Discourse | discourse | CWE-287 | 4.3 | Medium | 2022-01-13 |
| CVE-2022-21678 | User's bio visible even if profile is restricted in Discourse | discourse | CWE-200 | 4.3 | Medium | 2022-01-13 |
| CVE-2022-21642 | Exposure of whisper participants in discourse | discourse | CWE-200 | 4.3 | Medium | 2022-01-05 |
| CVE-2021-43850 | Denial of Service in discourse | discourse | CWE-20 | 6.8 | Medium | 2022-01-04 |
| CVE-2021-43840 | Path traversal in message_bus | message_bus | CWE-22 | 4.4 | Medium | 2021-12-17 |
| CVE-2021-43827 | Inline footnotes wrapped in `<a>` tags can cause errors in discourse-footnotes | discourse-footnote | CWE-755 | 4.3 | Medium | 2021-12-14 |
| CVE-2021-43793 | Bypass of Poll voting limits in Discourse | discourse | CWE-269 | 4.3 | Medium | 2021-12-01 |
| CVE-2021-43794 | Anonymous user cache poisoning via development-mode header in Discourse | discourse | CWE-610 | 5.3 | Medium | 2021-12-01 |
| CVE-2021-43792 | Notifications leak in Discourse | discourse | CWE-200 | 4.3 | Medium | 2021-12-01 |
| CVE-2021-41271 | Cache poisoning via maliciously-formed request in discourse | discourse | CWE-200 | 4.8 | Medium | 2021-11-15 |
| CVE-2021-41263 | Secure/signed cookies share secrets between sites in rails_multisite | rails_multisite | CWE-200 | 8.3 | High | 2021-11-15 |
| CVE-2021-41163 | RCE via malicious SNS subscription payload | discourse | CWE-74 | 10.0 | Critical | 2021-10-20 |
| CVE-2021-41140 | Reactions leak for secure category topics and private messages | discourse-reactions | CWE-668 | 5.3 | Medium | 2021-10-19 |
| CVE-2021-41095 | XSS via blocked watched word in error message | discourse | CWE-79 | 4.2 | Medium | 2021-09-27 |
| CVE-2021-41082 | Private message title and participating users leaked in discourse | discourse | CWE-200 | 7.5 | High | 2021-09-20 |
| CVE-2021-39161 | Cross-site scripting via category name in Discourse | discourse | CWE-79 | 4.4 | Medium | 2021-08-26 |
| CVE-2021-37703 | Information exposure in Discourse | discourse | CWE-200 | 4.3 | Medium | 2021-08-13 |
| CVE-2021-37693 | Re-use of email tokens in Discourse | discourse | CWE-640 | 5.3 | Medium | 2021-08-13 |
| CVE-2021-37633 | XSS via d-popover and d-html-popover attribute | discourse | CWE-79 | 7.4 | High | 2021-08-09 |
| CVE-2021-32788 | Post creator of a whisper post can be revealed to non-staff users in Discourse | discourse | CWE-668 | 4.3 | Medium | 2021-07-27 |
| CVE-2021-32764 | YouTube Onebox susceptible to XSS | discourse | CWE-79 | 8.1 | High | 2021-07-15 |

This page lists every published CVE security advisory associated with discourse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.