discourse

254 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34947
>= 2026.1.0 and <= 2026.1.2
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
5.3MEDIUM
CVE-2026-27481
>= 2026.1.0 and <= 2026.1.2
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
5.3MEDIUM
CVE-2026-33415
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
2.7LOW
CVE-2026-33300
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
6.5MEDIUM
CVE-2026-33185
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
5.0MEDIUM
CVE-2026-33074
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
5.3MEDIUM
CVE-2026-33073
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
5.3MEDIUM
CVE-2026-32951
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
4.3MEDIUM
CVE-2026-32620
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
4.3MEDIUM
CVE-2026-32619
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
4.3MEDIUM
CVE-2026-32618
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
4.3MEDIUM
CVE-2026-32615
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
5.4MEDIUM
CVE-2026-32607
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
5.4MEDIUM
CVE-2026-32273
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
5.4MEDIUM
CVE-2026-32243
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
5.4MEDIUM
CVE-2026-32143
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
6.5MEDIUM
CVE-2026-32113
>= 2026.1.0 and < 2026.1.3
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.
6.1MEDIUM
CVE-2026-33428
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user wit
6.5MEDIUM
CVE-2026-33427
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated a
7.5HIGH
CVE-2026-33426
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editi
3.5LOW
CVE-2026-33425
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated user
5.3MEDIUM
CVE-2026-33424
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can gran
5.9MEDIUM
CVE-2026-33423
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any
4.3MEDIUM
CVE-2026-33422
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ip_address of
3.5LOW
CVE-2026-33411
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stor
5.4MEDIUM
CVE-2026-33291
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can creat
5.4MEDIUM
CVE-2026-33251
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization byp
5.4MEDIUM
CVE-2026-32114
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure
4.3MEDIUM
CVE-2026-31869
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerControll
4.3MEDIUM
CVE-2026-31805
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization byp
5.3MEDIUM
CVE-2026-30891
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access
6.5MEDIUM
CVE-2026-30889
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could ex
4.9MEDIUM
CVE-2026-30888
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to
2.2LOW
CVE-2026-33408
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able
2.2LOW
CVE-2026-33395
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphv
4.4MEDIUM
CVE-2026-33410
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorizatio
5.4MEDIUM
CVE-2026-33394
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post Edits admin
2.7LOW
CVE-2026-33393
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `allowed_spam_ho
4.3MEDIUM
CVE-2026-33355
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts
6.5MEDIUM
CVE-2026-32099
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has `hid
4.3MEDIUM
CVE-2026-29072
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not bel
7.5HIGH
CVE-2026-28282
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw
6.5MEDIUM
CVE-2026-27936
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass
5.3MEDIUM
CVE-2026-27935
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability
6.5MEDIUM
CVE-2026-27934
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibi
7.5HIGH
CVE-2026-27740
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scr
6.1MEDIUM
CVE-2026-27570
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in
6.1MEDIUM
CVE-2026-27491
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issu
4.3MEDIUM
CVE-2026-27454
>= 2026.1.0 and < 2026.1.2
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:i
5.3MEDIUM
CVE-2026-27166
< 2026.3.0
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup
4.1MEDIUM
CVE-2026-28227
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics
2.7LOW
CVE-2026-28219
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization ch
4.3MEDIUM
CVE-2026-28218
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in
5.4MEDIUM
CVE-2026-27154
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be eval
6.1MEDIUM
CVE-2026-27153
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user
2.7LOW
CVE-2026-27162
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, posts_nearby was checking
4.9MEDIUM
CVE-2026-27152
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference
3.8LOW
CVE-2026-27151
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the move_posts action only
2.7LOW
CVE-2026-27150
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing `validate_before_cre
3.8LOW
CVE-2026-27149
< 2025.12.2
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filt
6.5MEDIUM
CVE-2026-27021
< 2025.12.0
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the p
5.3MEDIUM
CVE-2026-26979
< 2025.12.0
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close,
2.7LOW
CVE-2026-26973
< 2025.12.0
Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insecure Direct
4.3MEDIUM
CVE-2026-26265
< 2025.12.0
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the
7.5HIGH
CVE-2026-26207
< 2025.12.0
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, discourse-policy plugin al
5.4MEDIUM
CVE-2026-26078
< 2025.12.0
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the `patreon_webhook_se
7.5HIGH
CVE-2026-26077
< 2025.12.0
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (S
6.5MEDIUM
CVE-2026-24742
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderat
6.5MEDIUM
CVE-2026-23743
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointi
7.5HIGH
CVE-2026-21865
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can co
6.5MEDIUM
CVE-2025-69289
< 3.5.4
Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.
5.4MEDIUM
CVE-2025-69218
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can ac
6.5MEDIUM
CVE-2025-68934
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated use
6.5MEDIUM
CVE-2025-68933
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderat
6.9MEDIUM
CVE-2025-68666
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users archives ar
6.5MEDIUM
CVE-2025-68662
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname valida
7.6HIGH
CVE-2025-68660
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets
5.4MEDIUM
CVE-2025-68659
< 3.5.4
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application l
4.3MEDIUM
CVE-2025-68479
< 3.5.4
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription
7.1HIGH
CVE-2025-67723
< 3.5.4
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-securi
4.6MEDIUM
CVE-2025-66488
< 3.5.4
Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 202
4.6MEDIUM
CVE-2025-64528
< 3.5.3
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of
5.3MEDIUM
CVE-2025-61598
< 3.6.0
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with
5.3MEDIUM
CVE-2025-59337
< 3.6.0
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded
6.8MEDIUM
CVE-2025-58055
< 3.6.0
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for
4.3MEDIUM
CVE-2025-58054
< 3.6.0
Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing
3.5LOW
CVE-2025-54411
< 3.5.0
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS atta
5.4MEDIUM
CVE-2025-53102
<= 3.5.0
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8
9.8CRITICAL
CVE-2025-49845
< 3.4.6
Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the `whispers_allowed_g
7.5HIGH
CVE-2025-48954
< 3.5.0
Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the con
8.1HIGH
CVE-2025-48877
< 3.5.0
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta
9.8CRITICAL
CVE-2025-48062
< 3.5.0
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta
7.1HIGH
CVE-2025-48053
< 3.5.0
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta
7.5HIGH
CVE-2025-46813
< 3.5.0
Discourse is an open-source community platform. A data leak vulnerability affects sites deployed between commits 10df7fdee060d44ac
5.8MEDIUM
CVE-2025-32376
< 3.4.3
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch,
4.3MEDIUM
CVE-2025-24972
< 3.4.0
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta
4.3MEDIUM
CVE-2025-24808
< 3.4.0
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta
4.3MEDIUM
CVE-2024-53994
< 3.4.0
Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could st
4.3MEDIUM
CVE-2024-53851
< 3.4.0
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes fo
4.3MEDIUM
CVE-2024-53266
< 3.4.0
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CS
4.3MEDIUM
CVE-2025-23023
< 3.3.2
Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with
8.2HIGH
CVE-2025-22602
< 3.4.0
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript o
6.5MEDIUM
CVE-2025-22601
< 3.4.0
Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make ch
3.1LOW
CVE-2024-56328
< 3.4.0
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by
6.5MEDIUM
CVE-2024-56197
< 3.4.0
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags
2.2LOW
CVE-2024-55948
< 3.3.2
Discourse is an open source platform for community discussion. In affected versions an attacker can craft an XHR request to p
8.2HIGH
CVE-2024-53991
< 3.4.0
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to u
7.5HIGH
CVE-2024-52794
< 3.4.0
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This p
6.8MEDIUM
CVE-2024-52589
< 3.4.0
Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard,
2.2LOW
CVE-2024-49765
< 3.4.0
Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins
5.3MEDIUM
CVE-2024-47773
< 3.3.2
Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poison
8.2HIGH
CVE-2024-47772
< 3.4.0
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by
6.5MEDIUM
CVE-2024-45297
< 3.4.0
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name
5.3MEDIUM
CVE-2024-45051
< 3.4.0
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypa
8.2HIGH
CVE-2024-43789
<= 3.4.0
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fet
7.5HIGH
CVE-2024-45303
< 0.5
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event
6.1MEDIUM
CVE-2024-21658
< 2024-08-28
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The lim
4.3MEDIUM
CVE-2024-39320
< 3.2.5
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject if
6.1MEDIUM
CVE-2024-37299
< 3.2.5
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group n
4.9MEDIUM
CVE-2024-37165
< 3.2.3
Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an
6.3MEDIUM
CVE-2024-38360
< 3.3.0
Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost u
4.9MEDIUM
CVE-2024-37157
< 3.3.0
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the `bet
6.4MEDIUM
CVE-2024-36122
< 3.3.0
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the `bet
2.4LOW
CVE-2024-36113
< 3.3.0
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta
4.9MEDIUM
CVE-2024-35234
< 3.3.0
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the `tes
4.2MEDIUM
CVE-2024-35227
<= 3.2.2
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the `tes
7.5HIGH
CVE-2024-28242
< 3.3.0
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories e
5.3MEDIUM
CVE-2024-27100
< 3.3.0
Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing
6.5MEDIUM
CVE-2024-27085
< 3.3.0
Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can in
6.5MEDIUM
CVE-2024-24827
< 3.3.0
Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it eas
5.3MEDIUM
CVE-2024-24748
<= 3.2.0
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategor
5.3MEDIUM
CVE-2024-24817
< 0.4
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platfo
4.3MEDIUM
CVE-2024-23654
< 2024-02-21
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c16721
4.1MEDIUM
CVE-2024-26145
< 2024-02-21
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are ab
6.5MEDIUM
CVE-2024-23834
< 3.2.0
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situat
6.3MEDIUM
CVE-2024-21655
< 3.1.4
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allow
4.3MEDIUM
CVE-2023-49099
< 3.1.4
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can
3.1LOW
CVE-2023-49098
<= 0.4
Discourse-reactions is a plugin that allows users to add their reactions to the post. Data about a user's reaction notifications co
3.5LOW
CVE-2023-48297
< 3.1.4
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @h
8.6HIGH
CVE-2023-47121
< 3.2.0
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.bet
3.4LOW
CVE-2023-47120
>= 3.1.0 and < 3.1.3
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions
7.5HIGH
CVE-2023-47119
< 3.2.0
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.bet
5.3MEDIUM
CVE-2023-46130
< 3.2.0
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.bet
4.3MEDIUM
CVE-2023-45816
< 3.2.0
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.bet
3.3LOW
CVE-2023-45806
< 3.2.0
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.bet
4.3MEDIUM
CVE-2023-45131
<= 3.1.1
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST req
7.5HIGH
CVE-2023-44391
<= 3.1.1
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_u
5.3MEDIUM
CVE-2023-44388
<= 3.1.1
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill
7.5HIGH
CVE-2023-43814
<= 3.1.1
Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/
3.7LOW
CVE-2023-43659
<= 3.1.1
Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting at
8.0HIGH
CVE-2023-43658
<= 2023-10-16
discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the firs
8.0HIGH
CVE-2023-45147
<= 3.1.1
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields t
4.9MEDIUM
CVE-2023-43657
< 2023-09-28
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic
7.2HIGH
CVE-2023-41043
< 3.1.1
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the `bet
6.5MEDIUM
CVE-2023-41042
< 3.1.1
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the `bet
4.9MEDIUM
CVE-2023-40588
< 3.1.1
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the `bet
6.5MEDIUM
CVE-2023-38706
< 3.1.0
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the `bet
6.5MEDIUM
CVE-2023-38685
< 3.0.6
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the `bet
4.3MEDIUM
CVE-2023-38684
< 3.0.6
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the `bet
5.3MEDIUM
CVE-2023-38498
< 3.0.6
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the `bet
4.3MEDIUM
CVE-2023-37906
< 3.0.6
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the `bet
4.3MEDIUM
CVE-2023-37904
< 3.0.6
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the `bet
2.6LOW
CVE-2023-37467
all versions
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the beta and tests-passed branches, a CSP (Co
6.8MEDIUM
CVE-2023-36818
all versions
Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cau
6.5MEDIUM
CVE-2023-36466
< 3.0.5
Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the
3.5LOW
CVE-2023-36473
< 3.0.5
Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks
6.8MEDIUM
CVE-2023-34250
< 3.0.4
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the `bet
4.8MEDIUM
CVE-2023-32301
< 3.0.4
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the `bet
3.1LOW
CVE-2023-32061
< 3.0.4
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the `bet
5.4MEDIUM
CVE-2023-31142
< 3.0.4
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the `bet
2.0LOW
CVE-2023-30606
< 3.1.0
Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arb
4.2MEDIUM
CVE-2023-30538
< 3.1.0
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can exec
5.4MEDIUM
CVE-2023-29196
< 3.1.0
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Dis
4.2MEDIUM
CVE-2023-28440
< 3.0.3
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse
2.7LOW
CVE-2023-28112
< 3.1.0
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user
5.9MEDIUM
CVE-2023-28111
< 3.1.0
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, attackers
5.7MEDIUM
CVE-2023-28107
< 3.1.0
Discourse is an open-source discussion platform. Prior to version 3.0.2 of the stable branch and version 3.1.0.beta3 of the `bet
4.5MEDIUM
CVE-2023-25172
< 3.1.0
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the `bet
4.4MEDIUM
CVE-2023-26040
all versions
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the tests-passed branch, editin
6.5MEDIUM
CVE-2023-23622
< 3.0.0
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the `bet
4.3MEDIUM
CVE-2023-23935
< 3.0.1
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and pr
3.5LOW
CVE-2023-25819
< 3.1.0
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affect
5.3MEDIUM
CVE-2023-25167
< 3.0.1
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of se
6.5MEDIUM
CVE-2023-23615
<= 3.0.0
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but wit
5.3MEDIUM
CVE-2023-23624
< 3.0.1
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the `bet
4.3MEDIUM
CVE-2023-23621
< 3.0.1
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the `bet
8.6HIGH
CVE-2023-23620
< 3.0.1
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and `
5.3MEDIUM
CVE-2023-23616
< 3.0.1
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and `
3.5LOW
CVE-2023-22740
<= 3.0.0
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable
4.3MEDIUM
CVE-2023-22739
< 3.0.1
Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.bet
6.5MEDIUM
CVE-2023-22468
< 2.8.13
Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0bet
8.8HIGH
CVE-2023-22455
< 2.8.14
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the
6.8MEDIUM
CVE-2023-22454
< 2.8.14
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the
8.0HIGH
CVE-2023-22453
< 2.8.14
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the
5.3MEDIUM
CVE-2022-46177
< 2.8.14
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the
5.7MEDIUM
CVE-2022-23549
< 2.8.14
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the
5.7MEDIUM
CVE-2022-23548
< 2.8.14
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the
6.5MEDIUM
CVE-2022-23546
< 2.9.0
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of
5.5MEDIUM
CVE-2022-46168
< 2.8.14
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta15 on the
3.5LOW
CVE-2022-46159
<= 2.8.13
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and p
4.3MEDIUM
CVE-2022-46150
< 2.8.13
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the `b
4.3MEDIUM
CVE-2022-46148
<= 2.8.10
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and
7.1HIGH
CVE-2022-41944
<= 2.8.11
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9
3.5LOW
CVE-2022-41921
< 2.9.0
Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited lengt
3.5LOW
CVE-2022-41913
all versions
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the fir
4.3MEDIUM
CVE-2022-39385
< 2.8.10
Discourse is an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participan
6.5MEDIUM
CVE-2022-39378
< 2.8.9
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's a
5.3MEDIUM
CVE-2022-39356
< 2.8.10
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email addres
8.9HIGH
CVE-2022-39241
< 2.8.10
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on th
7.6HIGH
CVE-2022-39279
< 0.9
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places ren
4.3MEDIUM
CVE-2022-39270
< 2.1.0
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled
5.4MEDIUM
CVE-2022-39232
all versions
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplet
6.5MEDIUM
CVE-2022-39226
< 2.8.9
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on th
4.3MEDIUM
CVE-2022-36068
< 2.8.9
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on th
7.2HIGH
CVE-2022-36066
< 2.8.9
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on th
9.1CRITICAL
CVE-2022-36057
< 0.9
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can
5.4MEDIUM
CVE-2022-37458
<= 2.8.7
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.
7.2HIGH
CVE-2022-31184
<= 2.8.6
Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spa
6.5MEDIUM
CVE-2022-31182
< 2.8.7
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could ca
5.3MEDIUM
CVE-2022-31096
<= 2.8.4
Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email tha
5.7MEDIUM
CVE-2022-31095
< 0.4
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive in
4.3MEDIUM
CVE-2022-31060
< 2.8.4
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the `b
5.3MEDIUM
CVE-2022-31059
< 1.0.1
Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering
6.5MEDIUM
CVE-2022-31025
< 2.8.4
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0beta5 on the
2.6LOW
CVE-2022-24866
< 1.0.1
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.
4.3MEDIUM
CVE-2022-24850
< 2.8.2
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone tha
5.3MEDIUM
CVE-2022-24824
< 2.8.3
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous
5.3MEDIUM
CVE-2022-24804
< 2.8.3
Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior to 2.9.0.bet
5.3MEDIUM
CVE-2022-24782
<= 2.8.2
Discourse is an open source discussion platform. Versions 2.8.2 and prior in the stable branch, 2.9.0.beta3 and prior in the `be
4.3MEDIUM
CVE-2022-23641
< 2.8.1
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta bran
6.5MEDIUM
CVE-2022-21677
<= 2.7.12
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group a
4.3MEDIUM
CVE-2022-21684
< 2.7.13
Discourse is an open source discussion platform. Versions prior to 2.7.13 in stable, 2.8.0.beta11 in beta, and 2.8.0.beta11 in
4.3MEDIUM
CVE-2022-21678
< 2.7.13
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11
4.3MEDIUM
CVE-2022-21642
< 2.7.13
Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the compos
4.3MEDIUM
CVE-2021-43850
< 2.7.12
Discourse is an open source platform for community discussion. In affected versions admin users can trigger a Denial of Service a
6.8MEDIUM
CVE-2021-43794
< 2.7.11
Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not log
5.3MEDIUM
CVE-2021-43793
< 2.7.11
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote m
4.3MEDIUM
CVE-2021-43792
< 2.7.11
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tag
4.3MEDIUM
CVE-2021-41271
<= 2.7.9
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response
4.8MEDIUM
CVE-2021-41163
< 2.7.9
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to rem
10.0CRITICAL
CVE-2021-41140
< 0.2
Discourse-reactions is a plugin for the Discourse platform that allows users to add their reactions to the post. In affected versio
5.3MEDIUM
CVE-2021-41095
<= 2.7.7
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier
4.2MEDIUM
CVE-2020-24327
all versions
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email i
5.3MEDIUM
CVE-2021-41082
< 2021-09-14
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and
7.5HIGH
CVE-2021-39161
< 2.7.8
Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scri
4.4MEDIUM
CVE-2021-37703
< 2.7.8
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read s
4.3MEDIUM
CVE-2021-37693
< 2.7.8
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding add
5.3MEDIUM
CVE-2021-37633
< 2.7.8
Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to
7.4HIGH
CVE-2021-32788
< 2.7.7
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a
4.3MEDIUM
CVE-2021-32764
<= 2.7.5
Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes
8.1HIGH
CVE-2021-3138
<= 2.6.0
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
7.5HIGH
CVE-2019-15515
all versions
Discourse 2.3.2 sends the CSRF token in the query string.
6.5MEDIUM
CVE-2019-1020018
< 2.3.0
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
7.3HIGH
CVE-2019-1020017
< 2.3.0
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
5.3MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin