discourse
274 tracked vulnerabilities.
CVE-2025-68934
MEDIUM
Discourse <3.5.4,2025.11.2,2025.12.1,2026.1.0 - Use After Free
Jan 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-68933
MEDIUM
Discourse < 3.5.4, < 2025.11.2, < 2025.12.1, < 2026.1.0 - Broken Access Control via Post Ownership Transfer
Jan 28, 2026
CVSS 6.9
EPSS 0.00
CVE-2025-68666
MEDIUM
Discourse <3.5.4, <2025.11.2, <2025.12.1, <2026.1.0 - Info Disclosure
Jan 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-68662
HIGH
Discourse <3.5.4, <2025.11.2, <2025.12.1, <2026.1.0 - Auth Bypass
Jan 28, 2026
CVSS 7.6
EPSS 0.00
CVE-2025-68660
MEDIUM
Discourse <3.5.4,2025.11.2,2025.12.1,2026.1.0 - Auth Bypass
Jan 28, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-68659
MEDIUM
Discourse <3.5.4,2025.11.2,2025.12.1,2026.1.0 - DoS
Jan 28, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-68479
HIGH
Discourse < 3.5.4, 2025.11.2, 2025.12.1, 2026.1.0 - Missing Authorization in Subscription Endpoints
Jan 28, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-67723
MEDIUM
Discourse < 3.5.4 - Cross-Site Scripting in Math Plugin KaTeX Variant
Jan 28, 2026
CVSS 4.6
EPSS 0.00
CVE-2025-66488
MEDIUM
Discourse <3.5.4-2026.1.0 - Info Disclosure
Jan 28, 2026
CVSS 4.6
EPSS 0.00
CVE-2025-64528
MEDIUM
Discourse <3.5.3, <2025.11.1, <2025.12.0 - Info Disclosure
Dec 30, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-61598
MEDIUM
Discourse <3.6.2-3.6.0.beta2 - Info Disclosure
Oct 28, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59337
MEDIUM
Discourse < 3.5.1 - Command Injection via Backup Restore
Oct 01, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-58055
MEDIUM
Discourse < 3.5.1 - Authenticated Improper Access Control via AI Suggestion Endpoint Topic ID Manipulation
Oct 01, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-58054
LOW
Discourse < 3.5.1 - Stored Cross-Site Scripting via Chat Channel and Thread Title Quote
Oct 01, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-54411
MEDIUM
Discourse < 3.5.0 - Stored Cross-Site Scripting via Welcome Banner Username
Aug 19, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-53102
CRITICAL
Discourse <3.4.7-3.5.0.beta.8 - Info Disclosure
Jul 29, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-49845
HIGH
Discourse < 3.4.6 - Exposure of Sensitive Information via Whisper Post Visibility
Jun 25, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-48954
HIGH
NUCLEI
Discourse < 3.5.0.beta6 - Cross-Site Scripting via Social Login
Jun 25, 2025
CVSS 8.1
EPSS 0.10
CVE-2025-48877
CRITICAL
Discourse <3.4.4-3.5.0.beta5-3.5.0.beta6-dev - XSS
Jun 09, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-48062
HIGH
Discourse <3.4.4, <3.5.0.beta5, <3.5.0.beta6-dev - XSS
Jun 09, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-48053
HIGH
Discourse < 3.4.4 and < 3.5.0 - Denial of Service via Malicious URL in Private Message
Jun 09, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47288
LOW
Discourse Policy <0.1.1 - Info Disclosure
May 29, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-46824
LOW
Discourse Code Review Plugin <eed3a80 - XSS
May 07, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-46813
MEDIUM
Discourse 3.5.0.beta4 - Unauthenticated Exposure of Sensitive Information via Homepage Content Leak
May 05, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-32376
MEDIUM
Discourse < 3.4.3 - Improper Access Control via Direct Message User Limit Bypass
Apr 30, 2025
CVSS 4.3
EPSS 0.00
Products
discourse 241
calendar 4
discourse-chat 3
discourse_calendar 3
discourse_reactions 2
WP Discourse 1
ai 1
assign 1
discotoc 1
discourse-ai 1
discourse-code-review 1
discourse-encrypt 1
discourse-placeholder-theme-component 1
discourse-policy 1
discourse-reactions 1
discourse_bbcode 1
discourse_footnote 1
discourse_jira 1
discourse_yearly_review 1
group_membership_ip_blocks 1
mermaid 1
message_bus 1
microsoft_authentication 1
patreon 1
rails_multisite 1
reactions 1