Filters

Software

discourse discourse
119
discourse discourse calendar
3
discourse discourse-chat
3
discourse calendar
2
discourse discourse reactions
2
discourse assign
1
discourse discotoc
1
discourse discourse bbcode
1
discourse discourse footnote
1
discourse discourse jira
1
discourse discourse yearly review
1
discourse discourse-encrypt
1
discourse group membership ip blocks
1
discourse mermaid
1
discourse message bus
1
discourse patreon
1
discourse rails multisite
1
discourse reactions
1

Discourse DiscourseCross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse

medium
6.5
First published (updated )
CVE-2024-47772

Discourse DiscourseDenial of service by the absence of restrictions on replies to posts in Discourse

high
7.5
First published (updated )
CVE-2024-43789

Discourse DiscoursePrevent topic list filtering by hidden tags for unauthorized users in Discourse

medium
5.3
First published (updated )
CVE-2024-45297

Discourse DiscourseBypass of email address validation via encoded email addresses in Discourse

high
8.2
First published (updated )
CVE-2024-45051

Discourse CalendarDiscourse Calendar plugin event names susceptible to XSS

medium
6.1
First published (updated )
CVE-2024-45303

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse Discourse CalendarInsufficient control of region value length in discourse-calendar

medium
4.3
First published (updated )
CVE-2024-21658

Discourse DiscourseDiscourse allows iframe injection though default site setting

medium
6.1
First published (updated )
CVE-2024-39320

Discourse DiscourseDiscourse vulnerable to DoS via Tag Group

high
7.5
First published (updated )
CVE-2024-37299

Discourse DiscourseDiscourse has an XSS via Onebox system

medium
6.3
First published (updated )
CVE-2024-37165

Discourse DiscourseDiscourse vulnerable to Server-Side Request Forgery via FastImage

medium
6.4
First published (updated )
CVE-2024-37157

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse DiscourseDiscourse doesn't limit reviewable user serializer payload

medium
4.3
First published (updated )
CVE-2024-36122

Discourse DiscourseDiscourse missing authorization checks for suspending admins/moderators

medium
6.5
First published (updated )
CVE-2024-36113

Discourse DiscourseDiscourse vulnerable to stored-dom XSS via Facebook Oneboxes

medium
6.1
First published (updated )
CVE-2024-35234

Discourse Group Membership Ip Blocksdiscourse-group-membership-ip-block is exposing potentially sensitive custom fields

medium
5.3
EPSS
0.05%
First published (updated )
CVE-2024-24755

Discourse DiscourseDiscourse improperly sanitized user input leads to XSS

medium
6.3
EPSS
0.05%
First published (updated )
CVE-2024-23834

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse DiscourseDiscourse secure uploads accessible to guests even when login is required

medium
4.3
First published (updated )
CVE-2023-49099

Discourse DiscourseInsufficient control of custom field value sizes

medium
4.3
EPSS
0.04%
First published (updated )
CVE-2024-21655

Discourse Discourse ReactionsReaction data for user notifications exposed in Discourse-reactions

low
3.5
First published (updated )
CVE-2023-49098

Discourse DiscourseDiscourse vulnerable to unlimited mentioned users in message serializer

high
8.6
First published (updated )
CVE-2023-48297

Discourse DiscourseDiscourse SSRF vulnerability in Embedding

critical
9.8
First published (updated )
CVE-2023-47121

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse DiscourseDiscourse DoS through Onebox favicon URL

high
7.5
First published (updated )
CVE-2023-47120

Discourse DiscourseHTML injection in oneboxed links

medium
6.1
First published (updated )
CVE-2023-47119

Discourse DiscourseBypassing height value allowed in some theme components

medium
5.4
First published (updated )
CVE-2023-46130

Discourse DiscourseUnread bookmark reminder notifications that the user cannot access can be seen

low
3.3
First published (updated )
CVE-2023-45816

Discourse DiscourseDiscourse vulnerable to DoS via Regexp Injection in Full Name

medium
5.4
First published (updated )
CVE-2023-45806

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse Discourse CalendarImproper escaping of user input in discourse-calendar

high
8
First published (updated )
CVE-2023-43658

Discourse DiscourseUnauthenticated access to new private chat messages in Discourse

high
7.5
First published (updated )
CVE-2023-45131

Discourse DiscoursePrevent unauthorized access to summary details in Discourse

medium
5.3
First published (updated )
CVE-2023-44391

Discourse DiscourseMalicious requests can fill up the log files resulting in a deinal of service in Discourse

high
7.5
First published (updated )
CVE-2023-44388

Discourse DiscourseExposure of poll options and votes to unauthorized users in Discourse

low
3.7
First published (updated )
CVE-2023-43814

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse DiscourseCross-site Scripting via email preview when CSP disabled in Discourse

high
8
First published (updated )
CVE-2023-43659

Discourse DiscourseArbitrary keys can be added to a topic's custom fields by any user in Discourse

medium
4.9
First published (updated )
CVE-2023-45147

Discourse Discourse JiraDiscourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location

medium
4.1
First published (updated )
CVE-2023-44384

Discourse Discourse-encryptImproper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration

high
7.2
First published (updated )
CVE-2023-43657

Discourse DiscourseDiscourse DoS via SvgSprite cache

medium
6.5
First published (updated )
CVE-2023-41043

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse DiscourseDiscourse DoS via remote theme assets

medium
6.5
First published (updated )
CVE-2023-41042

Discourse DiscourseDiscourse DoS via 2FA and Security Key Names

medium
6.5
First published (updated )
CVE-2023-40588

Discourse DiscourseDiscourse vulnerable to DoS via drafts

medium
6.5
First published (updated )
CVE-2023-38706

Discourse DiscourseDiscourse's restricted tag information visible to unauthenticated users

medium
4.3
First published (updated )
CVE-2023-38685

Discourse DiscourseDiscourse vulnerable to ossible DDoS due to unbounded limits in various controller actions

high
7.5
First published (updated )
CVE-2023-38684

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse DiscourseDiscourse vulnerable to DoS via defer queue

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2023-38498

Discourse DiscourseDiscourse vulnerable to DoS via post edit reason

medium
4.3
EPSS
0.04%
First published (updated )
CVE-2023-37906

Discourse DiscourseDiscourse Race Condition in Accept Invite

low
3.1
First published (updated )
CVE-2023-37904

Discourse DiscourseDiscourse CSP nonce reuse vulnerability for anonymous users

medium
6.8
First published (updated )
CVE-2023-37467

Discourse DiscourseDenial of service via User Custom Sidebar Section Unlimited Link Creation in discourse

high
7.5
First published (updated )
CVE-2023-36818

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse DiscourseTopic Title Validation Skipped When Changing Category in Discourse

medium
4.3
First published (updated )
CVE-2023-36466

Discourse DiscourseCSP nonce reuse vulnerability in Discourse

medium
6.8
First published (updated )
CVE-2023-36473

Discourse DiscourseInfoleak

medium
5.3
First published (updated )
CVE-2023-34250

Discourse DiscourseDiscourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and v…

medium
5.3
First published (updated )
CVE-2023-32301

Discourse DiscourseDiscourse Topic Creation Page Allows iFrame Tag without Restrictions

medium
5.4
First published (updated )
CVE-2023-32061

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203