Filter
AND

Versions

2.9.0-beta1
33
2.9.0-beta2
33
2.9.0-beta3
33
2.9.0-beta4
30
2.9.0-beta5
29
2.9.0-beta7
29
2.9.0-beta6
28
2.9.0-beta8
28
2.8.0-beta1
27
2.8.0-beta2
27
2.8.0-beta3
27
2.8.0-beta4
27
3.1.0-beta1
27
2.8.0-beta5
25
2.8.0-beta6
25
2.9.0-beta10
25
2.8.0-beta7
24
2.9.0-beta11
24
2.9.0-beta12
24
2.9.0-beta13
22
2.9.0-beta9
22
2.8.0-beta8
21
2.8.0-beta9
21
2.9.0-beta14
21
2.8.0-beta10
20
3.1.0-beta2
20
3.0.0-beta15
19
2.4.0-beta1
18
2.4.0-beta2
18
1.1.0-beta1
17
1.1.0-beta2
17
1.1.0-beta3
17
1.1.0-beta4
17
1.1.0-beta5
17
1.1.0-beta6
17
1.1.0-beta6b
17
1.1.0-beta7
17
1.1.0-beta8
17
1.2.0-beta1
17
1.2.0-beta2
17
1.2.0-beta3
17
1.2.0-beta4
17
1.2.0-beta5
17
1.2.0-beta6
17
1.2.0-beta7
17
1.2.0-beta8
17
1.2.0-beta9
17
1.3.0-beta1
17
1.3.0-beta10
17
1.3.0-beta11
17
1.3.0-beta2
17
1.3.0-beta3
17
1.3.0-beta4
17
1.3.0-beta5
17
1.3.0-beta6
17
1.3.0-beta7
17
1.3.0-beta8
17
1.3.0-beta9
17
1.4.0-beta1
17
1.4.0-beta10
17
1.4.0-beta11
17
1.4.0-beta12
17
1.4.0-beta2
17
1.4.0-beta3
17
1.4.0-beta4
17
1.4.0-beta5
17
1.4.0-beta6
17
1.4.0-beta7
17
1.4.0-beta8
17
1.4.0-beta9
17
1.5.0-beta1
17
1.5.0-beta10
17
1.5.0-beta11
17
1.5.0-beta12
17
1.5.0-beta13
17
1.5.0-beta13b
17
1.5.0-beta14
17
1.5.0-beta2
17
1.5.0-beta3
17
1.5.0-beta4
17
1.5.0-beta5
17
1.5.0-beta6
17
1.5.0-beta7
17
1.5.0-beta8
17
1.5.0-beta9
17
1.6.0-beta1
17
1.6.0-beta10
17
1.6.0-beta11
17
1.6.0-beta12
17
1.6.0-beta2
17
1.6.0-beta3
17
1.6.0-beta4
17
1.6.0-beta5
17
1.6.0-beta6
17
1.6.0-beta7
17
1.6.0-beta8
17
1.6.0-beta9
17
1.7.0-beta1
17
1.7.0-beta10
17
1.7.0-beta11
17
1.7.0-beta2
17
1.7.0-beta3
17
1.7.0-beta4
17
1.7.0-beta5
17
1.7.0-beta6
17
1.7.0-beta7
17
1.7.0-beta8
17
1.7.0-beta9
17
1.8.0-beta1
17
1.8.0-beta10
17
1.8.0-beta11
17
1.8.0-beta12
17
1.8.0-beta13
17
1.8.0-beta2
17
1.8.0-beta3
17
1.8.0-beta4
17
1.8.0-beta5
17
1.8.0-beta6
17
1.8.0-beta7
17
1.8.0-beta8
17
1.8.0-beta9
17
1.9.0-beta1
17
1.9.0-beta10
17
1.9.0-beta11
17
1.9.0-beta12
17
1.9.0-beta13
17
1.9.0-beta14
17
1.9.0-beta15
17
1.9.0-beta16
17
1.9.0-beta17
17
1.9.0-beta2
17
1.9.0-beta3
17
1.9.0-beta4
17
1.9.0-beta5
17
1.9.0-beta6
17
1.9.0-beta7
17
1.9.0-beta8
17
1.9.0-beta9
17
2.0.0-beta1
17
2.0.0-beta10
17
2.0.0-beta2
17
2.0.0-beta3
17
2.0.0-beta4
17
2.0.0-beta5
17
2.0.0-beta6
17
2.0.0-beta7
17
2.0.0-beta8
17
2.0.0-beta9
17
2.1.0-beta1
17
2.1.0-beta2
17
2.1.0-beta3
17
2.1.0-beta4
17
2.1.0-beta5
17
2.1.0-beta6
17
2.2.0-beta1
17
2.2.0-beta10
17
2.2.0-beta2
17
2.2.0-beta3
17
2.2.0-beta4
17
2.2.0-beta5
17
2.2.0-beta6
17
2.2.0-beta7
17
2.2.0-beta8
17
2.2.0-beta9
17
2.3.0-beta1
17
2.3.0-beta10
17
2.3.0-beta11
17
2.3.0-beta2
17
2.3.0-beta3
17
2.3.0-beta4
17
2.3.0-beta5
17
2.3.0-beta6
17
2.3.0-beta7
17
2.3.0-beta8
17
2.3.0-beta9
17
2.4.0-beta10
17
2.4.0-beta11
17
2.4.0-beta3
17
2.4.0-beta4
17
2.4.0-beta5
17
2.4.0-beta6
17
2.4.0-beta7
17
2.4.0-beta8
17
2.4.0-beta9
17
2.5.0-beta1
17
2.5.0-beta2
17
2.5.0-beta3
17
2.5.0-beta4
17
2.5.0-beta5
17
2.5.0-beta6
17
2.5.0-beta7
17
2.6.0-beta1
17
2.6.0-beta2
17
2.6.0-beta3
17
2.6.0-beta4
17
2.6.0-beta5
17
2.6.0-beta6
17
2.7.0-beta1
17
2.7.0-beta2
17
2.7.0-beta3
17
2.7.0-beta4
17
2.7.0-beta5
17
2.7.0-beta6
17
2.7.0-beta7
17
2.7.0-beta8
17
2.7.0-beta9
17
2.8.0-beta11
17
3.0.0-beta16
15
3.1.0-beta3
14
3.1.0-beta5
10
3.1.0-beta6
8
3.2.0-beta1
8
3.2.0-beta2
6
3.3.0-beta1
6
3.3.0-beta2
6
3.1.0-beta4
4
3.1.0-beta7
4
3.1.0-beta8
4
3.2.0-beta3
3
3.3.0-beta3
3
2.3.2
2
3.0.0
2
3.0.1
2
3.1.1
2
3.4.0
2
3.4.0-beta1
2
2.6.0
1
2.7.12
1
2.7.7
1
2.7.9
1
2.8.11
1
2.8.13
1
2.8.2
1
2.8.4
1
3.0.2
1
3.1.0
1
3.2.0-beta4
1
3.3.0-beta4
1

DiscourseCross-site Scripting (XSS) via topic titles when CSP disabled in Discourse

medium
4.3
First published (updated )
CVE-2024-53266

DiscoursePartial denial of service via inline oneboxes in Discourse

medium
4.3
First published (updated )
CVE-2024-53851

DiscoursePotential bypass of chat permissions in Discourse

medium
4.3
First published (updated )
CVE-2024-53994

DiscourseHTMLi(XSS without CSP) via Onebox urls in Discourse

medium
6.5
First published (updated )
CVE-2024-56328

DiscourseStored DOM-based XSS (without CSP) via video placeholders in Discourse

medium
6.5
First published (updated )
CVE-2025-22602

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseBypass of Discourse Connect using other login paths if enabled in Discourse

medium
5.3
First published (updated )
CVE-2024-49765

DiscourseMagnific lightbox susceptible to Cross-site Scripting in Discourse

medium
6.8
First published (updated )
CVE-2024-52794

DiscourseCross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse

medium
6.5
First published (updated )
CVE-2024-47772

DiscoursePrevent topic list filtering by hidden tags for unauthorized users in Discourse

medium
5.3
First published (updated )
CVE-2024-45297

DiscourseDiscourse allows iframe injection though default site setting

medium
6.1
First published (updated )
CVE-2024-39320

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseDiscourse has an XSS via Onebox system

medium
6.3
First published (updated )
CVE-2024-37165

DiscourseDenial of service via Watched Words in Discourse

medium
4.9
First published (updated )
CVE-2024-38360

DiscourseDiscourse vulnerable to Server-Side Request Forgery via FastImage

medium
6.4
First published (updated )
CVE-2024-37157

DiscourseDiscourse doesn't limit reviewable user serializer payload

medium
4.3
First published (updated )
CVE-2024-36122

DiscourseDiscourse missing authorization checks for suspending admins/moderators

medium
6.5
First published (updated )
CVE-2024-36113

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseDiscourse vulnerable to stored-dom XSS via Facebook Oneboxes

medium
6.1
First published (updated )
CVE-2024-35234

DiscourseDenial of service through invites in Discourse

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2024-27085

DiscourseDenial of service via Staff Actions in Discourse

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2024-27100

DiscourseDisclosure of the existence of secret categories with custom backgrounds in Discourse

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-28242

DiscourseDisclosure of the existence of secret subcategories in Discourse

medium
5.3
First published (updated )
CVE-2024-24748

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseNo rate limits on POST /uploads endpoint in Discourse

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-24827

DiscourseDiscourse improperly sanitized user input leads to XSS

medium
6.3
EPSS
0.05%
First published (updated )
CVE-2024-23834

DiscourseDiscourse secure uploads accessible to guests even when login is required

medium
4.3
First published (updated )
CVE-2023-49099

DiscourseInsufficient control of custom field value sizes

medium
4.3
EPSS
0.04%
First published (updated )
CVE-2024-21655

DiscourseHTML injection in oneboxed links

medium
6.1
First published (updated )
CVE-2023-47119

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseBypassing height value allowed in some theme components

medium
5.4
First published (updated )
CVE-2023-46130

DiscourseDiscourse vulnerable to DoS via Regexp Injection in Full Name

medium
5.4
First published (updated )
CVE-2023-45806

DiscoursePrevent unauthorized access to summary details in Discourse

medium
5.3
First published (updated )
CVE-2023-44391

DiscourseArbitrary keys can be added to a topic's custom fields by any user in Discourse

medium
4.9
First published (updated )
CVE-2023-45147

DiscourseDiscourse DoS via SvgSprite cache

medium
6.5
First published (updated )
CVE-2023-41043

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203