discourse
296 tracked vulnerabilities.
CVE-2026-59828
MEDIUM
Discourse: Hidden post revisions leak through adjacent visible diffs
Jul 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-55424
HIGH
Discourse: Topic featured link susceptible to stored XSS
Jul 09, 2026
EPSS 0.00
CVE-2026-53963
HIGH
Discourse: Stored-XSS in 2FA delete confirmation modal
Jul 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-53962
MEDIUM
Discourse: Insufficient SVG sanitization logic
Jul 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-53961
MEDIUM
Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)
Jul 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49256
MEDIUM
Discourse: Hidden tag names leaked via category serializers
Jul 09, 2026
EPSS 0.00
CVE-2026-46413
MEDIUM
Discourse: Regular users can route multipart uploads into the admin backup store
Jul 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-45788
MEDIUM
Discourse: Secure uploads exposed by hotlinked image copying
Jul 09, 2026
EPSS 0.00
CVE-2026-45780
MEDIUM
Discourse: Private event sample invitees are serialized to non-invited event viewers
Jul 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-44787
HIGH
Discourse: Signup-time primary_group_id assignment grants whisperer access
Jul 09, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-55420
HIGH
Discourse: Remote code execution via pdf uploads
Jul 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-47264
MEDIUM
Discourse: Don't leak restricted tag group names via tag info
Jun 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-47263
MEDIUM
Discourse: Prevent webhook payload disclosure on event redelivery
Jun 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45775
MEDIUM
Discourse: Cross-site backup access via path traversal in multisite local backups
Jun 12, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-45085
MEDIUM
Discourse: Chat misauthorization and information disclosure
Jun 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-44786
HIGH
Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users
Jun 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44785
MEDIUM
Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts
Jun 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44784
MEDIUM
Discourse: Non-staff group owners can see email password in plaintext through group history
Jun 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44783
MEDIUM
Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts
Jun 12, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-44782
MEDIUM
Discourse: GroupPostSerializer leaks hidden full names through reaction post association
Jun 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44780
MEDIUM
Discourse: Category queue reviewers can read raw incoming emails from queued posts
Jun 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44779
MEDIUM
Discourse: Bot debug endpoints disclose whisper translation audit logs
Jun 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-34154
MEDIUM
Discourse Subscriptions Plugin - Subscription Access Bypass
May 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33514
MEDIUM
Discourse: Information Disclosure in Form Template API Due to Missing Authorization
May 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-32244
MEDIUM
Discourse: Cached outdated summaries can leak removed content
May 19, 2026
CVSS 5.3
EPSS 0.00
Products
discourse 263
calendar 4
discourse-chat 3
discourse_calendar 3
discourse_reactions 2
WP Discourse 1
ai 1
assign 1
discotoc 1
discourse-ai 1
discourse-code-review 1
discourse-encrypt 1
discourse-placeholder-theme-component 1
discourse-policy 1
discourse-reactions 1
discourse_bbcode 1
discourse_footnote 1
discourse_jira 1
discourse_yearly_review 1
group_membership_ip_blocks 1
mermaid 1
message_bus 1
microsoft_authentication 1
patreon 1
rails_multisite 1
reactions 1
Quick Filters