discourse

274 tracked vulnerabilities.

CVE-2023-23620 MEDIUM
Discourse < 3.0.1 - Unauthorized Access to Restricted Tag Content
Jan 28, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-23616 LOW
Discourse < 3.0.1 - Uncontrolled Resource Consumption via Membership Request Reason
Jan 28, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-22740 MEDIUM
Discourse < 3.0.0 - Denial of Service via Unlimited Chat Draft Length
Jan 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-22739 MEDIUM
Discourse < 3.0.1 - Denial of Service via Unlimited Draft Data
Jan 26, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-22468 HIGH
Discourse < 2.8.13 - Cross-Site Scripting via Maliciously Crafted URL
Jan 26, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-22455 MEDIUM
Discourse <2.8.14, <3.0.0.beta16 - XSS
Jan 05, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-22454 HIGH
Discourse <2.8.14, <3.0.0.beta16 - XSS
Jan 05, 2023
CVSS 8.0
EPSS 0.00
CVE-2023-22453 MEDIUM
Discourse <2.8.14, <3.0.0.beta16 - Info Disclosure
Jan 05, 2023
CVSS 5.3
EPSS 0.00
CVE-2022-46177 MEDIUM
Discourse <2.8.14 - stable & <3.0.0.beta16 - beta & tests-passed - ...
Jan 05, 2023
CVSS 5.7
EPSS 0.00
CVE-2022-23549 MEDIUM
Discourse < 2.8.14 - Input Validation Bypass via HTML Comments
Jan 05, 2023
CVSS 5.7
EPSS 0.00
CVE-2022-23548 MEDIUM
Discourse < 2.8.14 - Regular Expression Denial of Service
Jan 05, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-23546 MEDIUM
Discourse < 2.9.0 - Unauthorized Exposure of Sensitive Information via Malicious URL Embedding
Jan 05, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-46168 LOW
Discourse <2.8.14, <2.9.0.beta15 - Info Disclosure
Jan 05, 2023
CVSS 3.5
EPSS 0.00
CVE-2022-46180 MEDIUM
Discourse Mermaid <1.0.0 - Code Injection
Jan 04, 2023
CVSS 5.0
EPSS 0.00
CVE-2022-46159 MEDIUM
Discourse <2.8.13 & <2.9.0.beta14 - Info Disclosure
Dec 02, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-46162 HIGH
Discourse BBCode <91478f5 - Code Injection
Nov 30, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-46150 MEDIUM
Discourse <2.8.13-2.9.0.beta14 - Info Disclosure
Nov 29, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-46148 HIGH
Discourse <2.8.10-2.9.0.beta11 - XSS
Nov 29, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-41944 LOW
Discourse < 2.8.12 - Unauthorized Sensitive Information Exposure via Topic Notifications
Nov 28, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-41921 LOW
Discourse < 2.9.0.beta13 - Denial of Service via Unlimited Chat Message Length
Nov 28, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-41913 MEDIUM
Discourse Calendar - Unauthorized Exposure of Private Group Membership via Post Event Feature
Nov 14, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-39385 MEDIUM
Discourse < 2.8.10 - Unauthorized Private Message Topic Access via Invitation Redemption
Nov 14, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-39378 MEDIUM
Discourse < 2.8.9 - Unauthorized Exposure of Sensitive Topic Titles via User Badge
Nov 02, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-39356 HIGH
Discourse < 2.8.10 - Unauthenticated Account Takeover via Unscoped Invitation Link
Nov 02, 2022
CVSS 8.9
EPSS 0.00
CVE-2022-39241 HIGH
Discourse < 2.8.10 - Authenticated Server-Side Request Forgery via Webhook
Nov 02, 2022
CVSS 7.6
EPSS 0.00
Products
discourse 241 calendar 4 discourse-chat 3 discourse_calendar 3 discourse_reactions 2 WP Discourse 1 ai 1 assign 1 discotoc 1 discourse-ai 1 discourse-code-review 1 discourse-encrypt 1 discourse-placeholder-theme-component 1 discourse-policy 1 discourse-reactions 1 discourse_bbcode 1 discourse_footnote 1 discourse_jira 1 discourse_yearly_review 1 group_membership_ip_blocks 1 mermaid 1 message_bus 1 microsoft_authentication 1 patreon 1 rails_multisite 1 reactions 1
Quick Filters
Critical CVEs With Exploits In CISA KEV