discourse
274 tracked vulnerabilities.
CVE-2024-37299
MEDIUM
Discourse < 3.2.5 - Denial of Service via Long Tag Group Name
Jul 30, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-37165
MEDIUM
Discourse < 3.2.3 - Cross-Site Scripting via Onebox Data
Jul 30, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-38360
MEDIUM
Discourse < 3.3.0 - Uncontrolled Resource Consumption via Watched Words
Jul 15, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-37157
MEDIUM
Discourse < 3.2.3 and < 3.3.0.beta4 - Server-Side Request Forgery via FastImage Library
Jul 03, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-36122
LOW
Discourse < 3.2.3 and < 3.3.0.beta4 - Unauthorized Email Exposure in Review Queue
Jul 03, 2024
CVSS 2.4
EPSS 0.00
CVE-2024-36113
MEDIUM
Discourse <3.2.3-3.3.0.beta4-dev - Privilege Escalation
Jul 03, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-35234
MEDIUM
Discourse < 3.2.3 and < 3.3.0.beta3 - Cross-Site Scripting via Malicious Meta Tags
Jul 03, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-35227
HIGH
Discourse < 3.2.3 - Denial of Service via Malicious Onebox URL
Jul 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35168
MEDIUM
Discourse WP Discourse <2.5.1 - Info Disclosure
Jun 11, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-31219
MEDIUM
Discourse-reactions - Info Disclosure
Apr 15, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-28242
MEDIUM
Discourse - Unauthorized Exposure of Secret Category Information via Background Settings
Mar 15, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-27100
MEDIUM
Discourse < 3.2.1, < 3.3.0 - Resource Consumption via Suspension/Silencing/CSV Export
Mar 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-27085
MEDIUM
Discourse < 3.2.0 and < 3.3.0 - Uncontrolled Resource Consumption via Invite Route Parameters
Mar 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-24827
MEDIUM
Discourse < 3.2.0 and < 3.3.0 - Unauthenticated Denial of Service via Unlimited Uploads
Mar 15, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-24748
MEDIUM
Discourse < 3.2.0 - Unauthorized Secret Subcategory Exposure
Mar 15, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-24817
MEDIUM
Discourse Calendar <0.4 - Info Disclosure
Feb 22, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-23654
MEDIUM
discourse-ai < 2024-02-21 - Server-Side Request Forgery via AI Service Interaction
Feb 21, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-26145
MEDIUM
Discourse Calendar < 2024-02-21 - Incorrect Authorization via Attendance Update Request
Feb 21, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-24755
MEDIUM
discourse-group-membership-ip-block - Info Disclosure
Feb 01, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-23834
MEDIUM
Discourse < 3.1.5 and < 3.2.0 - Cross-Site Scripting
Jan 30, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-21655
MEDIUM
Discourse < 3.1.4 - Unauthenticated Resource Exhaustion via Client-Editable Fields
Jan 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-46241
CRITICAL
discourse/microsoft_authentication < 2024-02-20 - Incorrect Authorization via Microsoft Account Type Misconfiguration
Feb 21, 2024
CVSS 9.0
EPSS 0.01
CVE-2023-49099
LOW
Discourse < 3.1.4 - Unauthenticated Secure Upload URL Access
Jan 12, 2024
CVSS 3.1
EPSS 0.00
CVE-2023-49098
LOW
Discourse-reactions - Info Disclosure
Jan 12, 2024
CVSS 3.5
EPSS 0.00
CVE-2023-48297
HIGH
Discourse < 3.1.4 - Uncontrolled Resource Consumption via Chat Mention Expansion
Jan 12, 2024
CVSS 8.6
EPSS 0.00
Products
discourse 241
calendar 4
discourse-chat 3
discourse_calendar 3
discourse_reactions 2
WP Discourse 1
ai 1
assign 1
discotoc 1
discourse-ai 1
discourse-code-review 1
discourse-encrypt 1
discourse-placeholder-theme-component 1
discourse-policy 1
discourse-reactions 1
discourse_bbcode 1
discourse_footnote 1
discourse_jira 1
discourse_yearly_review 1
group_membership_ip_blocks 1
mermaid 1
message_bus 1
microsoft_authentication 1
patreon 1
rails_multisite 1
reactions 1