Filter
-Infinity
0

Trending

Last week
Last month
Last year

Discourse Code Review PluginDiscourse Code Review Plugin vulnerable to XSS via auto link commits

low
3.1
First published (updated )
CVE-2025-46824

DiscoursePrivate data leak on login-required Discourse sites

medium
5.8
EPSS
0.04%
First published (updated )
CVE-2025-46813

DiscourseDiscourse DM limits aren’t always properly enforced

medium
4.8
First published (updated )
CVE-2025-32376

DiscourseExposure of whisper participants in discourse

medium
4.3
First published (updated )
CVE-2022-21642

DiscourseUser's bio visible even if profile is restricted in Discourse

medium
4.3
First published (updated )
CVE-2022-21678

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseUser can bypass approval when invited to Discourse

high
8.8
First published (updated )
CVE-2022-21684

DiscourseGroup advanced search option may leak group and group's members visibility

medium
5.3
First published (updated )
CVE-2022-21677

DiscourseDenial of Service in Discourse

medium
6.5
First published (updated )
CVE-2022-23641

DiscourseSecure category names leaked via user activity export in Discourse

medium
4.3
First published (updated )
CVE-2022-24782

DiscoursePrivate group name exposure in discourse

medium
5.3
First published (updated )
CVE-2022-24804

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseAnonymous user cache poisoning in discourse

medium
5.3
First published (updated )
CVE-2022-24824

DiscourseCategory group permissions leaked in Discourse

medium
5.3
First published (updated )
CVE-2022-24850

Discourse AssignExposure of Sensitive Information to an Unauthorized Actor in Discourse Assign

medium
4.3
First published (updated )
CVE-2022-24866

DiscourseInvite bypasses user approval in Discourse

medium
5.3
First published (updated )
CVE-2022-31025

Discourse Calendar pluginDiscourse Calendar Event names susceptible to Cross-site Scripting

medium
6.5
First published (updated )
CVE-2022-31059

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseBanner topic data is exposed on login-required Discourse sites

medium
5.3
First published (updated )
CVE-2022-31060

DiscourseExposure of Sensitive Information in discourse-chat

medium
6.5
First published (updated )
CVE-2022-31095

DiscourseInvites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse

medium
5.7
First published (updated )
CVE-2022-31096

DiscourseCache poisoning via maliciously-formed request in Discourse

medium
5.3
First published (updated )
CVE-2022-31182

DiscourseEmail activation route can be abused by spammers in Discourse

high
7.5
First published (updated )
CVE-2022-31184

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseDiscourse-Chat Cross-Site Scripting issue for channel names and descriptions

medium
5.4
First published (updated )
CVE-2022-36057

DiscourseDiscourse vulnerable to RCE via admins uploading maliciously zipped file

critical
9.1
First published (updated )
CVE-2022-36066

DiscourseDiscourse moderators can edit themes via the API

high
7.2
First published (updated )
CVE-2022-36068

DiscourseDiscourse user profile location and website fields were not sufficiently length-limited

medium
4.3
First published (updated )
CVE-2022-39226

DiscourseDiscourse vulnerable to incomplete quote causing a topic to crash in the browser

medium
6.5
First published (updated )
CVE-2022-39232

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

DiscourseArbitrary HTML injection in table-of-contents theme component in DiscoTOC

medium
5.4
First published (updated )
CVE-2022-39270

DiscourseDiscourse-chat plugin susceptible to XSS in channel name and description

medium
5.4
First published (updated )
CVE-2022-39279

Discourse PatreonDiscourse Patreon vulnerable to improper validation of email during Patreon authentication

critical
9.8
First published (updated )
CVE-2022-39355

DiscoursePossible Server-Side Request Forgery (SSRF) in webhooks

high
7.6
First published (updated )
CVE-2022-39241

DiscourseDiscourse user account takeover via email and invite link

high
8.9
First published (updated )
CVE-2022-39356

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203