Filter
AND
-Infinity
0

Trending

Last week
Last month
Last year

DiscourseCross-site Scripting (XSS) via topic titles when CSP disabled in Discourse

medium
4.3
First published (updated )
CVE-2024-53266

DiscoursePartial denial of service via inline oneboxes in Discourse

medium
4.3
First published (updated )
CVE-2024-53851

DiscoursePotential bypass of chat permissions in Discourse

medium
4.3
First published (updated )
CVE-2024-53994

DiscourseHTMLi(XSS without CSP) via Onebox urls in Discourse

medium
6.5
First published (updated )
CVE-2024-56328

DiscourseStored DOM-based XSS (without CSP) via video placeholders in Discourse

medium
6.5
First published (updated )
CVE-2025-22602

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseBypass of Discourse Connect using other login paths if enabled in Discourse

medium
5.3
First published (updated )
CVE-2024-49765

DiscourseMagnific lightbox susceptible to Cross-site Scripting in Discourse

medium
6.8
First published (updated )
CVE-2024-52794

DiscourseCross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse

medium
6.5
First published (updated )
CVE-2024-47772

DiscoursePrevent topic list filtering by hidden tags for unauthorized users in Discourse

medium
5.3
First published (updated )
CVE-2024-45297

Discourse Calendar pluginDiscourse Calendar plugin event names susceptible to XSS

medium
6.1
First published (updated )
CVE-2024-45303

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse Calendar pluginInsufficient control of region value length in discourse-calendar

medium
4.3
First published (updated )
CVE-2024-21658

DiscourseDiscourse allows iframe injection though default site setting

medium
6.1
First published (updated )
CVE-2024-39320

DiscourseDiscourse has an XSS via Onebox system

medium
6.3
First published (updated )
CVE-2024-37165

DiscourseDenial of service via Watched Words in Discourse

medium
4.9
First published (updated )
CVE-2024-38360

DiscourseDiscourse vulnerable to Server-Side Request Forgery via FastImage

medium
6.4
First published (updated )
CVE-2024-37157

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseDiscourse doesn't limit reviewable user serializer payload

medium
4.3
First published (updated )
CVE-2024-36122

DiscourseDiscourse missing authorization checks for suspending admins/moderators

medium
6.5
First published (updated )
CVE-2024-36113

DiscourseDiscourse vulnerable to stored-dom XSS via Facebook Oneboxes

medium
6.1
First published (updated )
CVE-2024-35234

DiscourseWordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability

medium
4.3
First published (updated )
CVE-2024-35168

DiscourseDenial of service through invites in Discourse

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2024-27085

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseDenial of service via Staff Actions in Discourse

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2024-27100

DiscourseDisclosure of the existence of secret categories with custom backgrounds in Discourse

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-28242

DiscourseDisclosure of the existence of secret subcategories in Discourse

medium
5.3
First published (updated )
CVE-2024-24748

DiscourseNo rate limits on POST /uploads endpoint in Discourse

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-24827

Discourse Calendar pluginUser can see invitees in events created in PMs and private categories

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-24817

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Discourse Calendar pluginUninvited user is able to join and mark the attendance of the the private event

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2024-26145

Discourse Group Membership Ip Blocksdiscourse-group-membership-ip-block is exposing potentially sensitive custom fields

medium
5.3
EPSS
0.05%
First published (updated )
CVE-2024-24755

DiscourseDiscourse improperly sanitized user input leads to XSS

medium
6.3
EPSS
0.05%
First published (updated )
CVE-2024-23834

DiscourseDiscourse secure uploads accessible to guests even when login is required

medium
4.3
First published (updated )
CVE-2023-49099

DiscourseInsufficient control of custom field value sizes

medium
4.3
EPSS
0.04%
First published (updated )
CVE-2024-21655

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203