discourse
274 tracked vulnerabilities.
CVE-2023-47121
LOW
Discourse < 3.1.3 and < 3.2.0.beta3 - Server-Side Request Forgery via Embedding Feature
Nov 10, 2023
CVSS 3.4
EPSS 0.00
CVE-2023-47120
HIGH
Discourse 3.1.0-3.1.2 and 3.1.0.beta6-3.2.0.beta2 - Denial of Service via Favicon URL Oneboxing
Nov 10, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-47119
MEDIUM
Discourse < 3.1.3 and < 3.2.0.beta3 - HTML Injection via Onebox Engine
Nov 10, 2023
CVSS 5.3
EPSS 0.13
CVE-2023-46130
MEDIUM
Discourse <3.1.3-3.2.0.beta3 - Info Disclosure
Nov 10, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-45816
LOW
Discourse < 3.1.3 and < 3.2.0.beta3 - Unauthorized Access to Bookmarkable Resources via Notification Edge Case
Nov 10, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-45806
MEDIUM
Discourse <3.1.3, <3.2.0.beta3 - Info Disclosure
Nov 10, 2023
CVSS 4.3
EPSS 0.04
CVE-2023-45131
HIGH
Discourse < 3.1.1 - Unauthenticated Exposure of Sensitive Information via MessageBus
Oct 16, 2023
CVSS 7.5
EPSS 0.07
CVE-2023-44391
MEDIUM
Discourse < 3.1.1 - Unauthenticated Exposure of Sensitive User Information via User Summaries
Oct 16, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-44388
HIGH
Discourse < 3.1.1 - Uncontrolled Resource Consumption via Log File Flooding
Oct 16, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-43814
LOW
Discourse <3.1.1-3.2.0.beta2 - Info Disclosure
Oct 16, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-43659
HIGH
Discourse < 3.1.1 - Cross-Site Scripting via Digest Email Preview UI
Oct 16, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-43658
HIGH
discourse_calendar < 2023-10-16 - Cross-Site Scripting in Email Preview UI
Oct 16, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-45147
MEDIUM
Discourse < 3.1.1 - Exposure of Sensitive Information via Topic Custom Fields
Oct 16, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-44384
MEDIUM
discourse_jira < 2023-10-01 - Authenticated Server-Side Request Forgery via Jira URL Configuration
Oct 06, 2023
CVSS 4.1
EPSS 0.00
CVE-2023-43657
HIGH
discourse-encrypt < 2023-09-28 - Cross-Site Scripting via Encrypted Topic Title
Sep 28, 2023
CVSS 7.2
EPSS 0.00
CVE-2023-41043
MEDIUM
Discourse <3.1.1, <3.2.0.beta1 - DoS
Sep 15, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-41042
MEDIUM
Discourse <3.1.1-3.2.0.beta1 - Info Disclosure
Sep 15, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-40588
MEDIUM
Discourse < 3.1.1 - Denial of Service via 2FA/Security Key Name
Sep 15, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-38706
MEDIUM
Discourse <3.1.1, <3.2.0.beta1 - Info Disclosure
Sep 15, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-38685
MEDIUM
Discourse <3.0.6-3.1.0.beta7 - Info Disclosure
Jul 28, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-38684
MEDIUM
Discourse <3.0.6-3.1.0.beta7 - Info Disclosure
Jul 28, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-38498
MEDIUM
Discourse <3.0.6-3.1.0.beta7 - Info Disclosure
Jul 28, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-37906
MEDIUM
Discourse < 3.0.6 - Denial of Service via Crafted Edit Reason
Jul 28, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-37904
LOW
Discourse < 3.0.6 - Race Condition in Invite Link User Creation
Jul 28, 2023
CVSS 2.6
EPSS 0.00
CVE-2023-37467
MEDIUM
Discourse beta and tests-passed < 3.1.0.beta7 - Unauthenticated Cross-Site Scripting via CSP Nonce Reuse
Jul 28, 2023
CVSS 6.8
EPSS 0.00
Products
discourse 241
calendar 4
discourse-chat 3
discourse_calendar 3
discourse_reactions 2
WP Discourse 1
ai 1
assign 1
discotoc 1
discourse-ai 1
discourse-code-review 1
discourse-encrypt 1
discourse-placeholder-theme-component 1
discourse-policy 1
discourse-reactions 1
discourse_bbcode 1
discourse_footnote 1
discourse_jira 1
discourse_yearly_review 1
group_membership_ip_blocks 1
mermaid 1
message_bus 1
microsoft_authentication 1
patreon 1
rails_multisite 1
reactions 1