Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

discourse — Vulnerabilities & Security Advisories 259

All 259 CVE vulnerabilities found in discourse, with AI-generated Chinese analysis, references, and POCs.

This page details security vulnerabilities associated with the Discourse platform, focusing on the Common Weakness Enumeration classification tags managed by vendor Discourse. It aggregates a comprehensive list of identified security flaws, including buffer overflows, injection flaws, and cross-site scripting issues, covering reports published from early 2013 through the current year. Users can utilize this resource to track vendor security advisories over time, gain a deeper understanding of specific weakness classes affecting open-source forum software, and look up the historical vulnerability record for this specific product. The data is structured to help developers and system administrators assess the impact of known issues, review patch notes, and prioritize remediation efforts based on severity and exploitability. By centralizing this information, the page serves as a reference for understanding the security posture of Discourse instances and facilitates informed decision-making regarding software updates and configuration hardening. This approach supports transparency in open-source security by providing accessible historical context for past incidents and current risks without requiring users to navigate multiple external documentation sources. The aggregated data reflects reported vulnerabilities that have been publicly disclosed and assigned unique identifiers, ensuring traceability and reference for security professionals auditing their deployment environments against known threat models.

Vendor: discourse

CVE IDTitleCVSSSeverityPublished
CVE-2022-21684 User can bypass approval when invited to Discourse CWE-287 4.3 Medium2022-01-13
CVE-2022-21678 User's bio visible even if profile is restricted in Discourse CWE-200 4.3 Medium2022-01-13
CVE-2022-21642 Exposure of whisper participants in discourse CWE-200 4.3 Medium2022-01-05
CVE-2021-43850 Denial of Service in discourse CWE-20 6.8 Medium2022-01-04
CVE-2021-43793 Bypass of Poll voting limits in Discourse CWE-269 4.3 Medium2021-12-01
CVE-2021-43794 Anonymous user cache poisoning via development-mode header in Discourse CWE-610 5.3 Medium2021-12-01
CVE-2021-43792 Notifications leak in Discourse CWE-200 4.3 Medium2021-12-01
CVE-2021-41271 Cache poisoning via maliciously-formed request in discourse CWE-200 4.8 Medium2021-11-15
CVE-2021-41163 RCE via malicious SNS subscription payload CWE-74 10.0 Critical2021-10-20
CVE-2021-41095 XSS via blocked watched word in error message CWE-79 4.2 Medium2021-09-27
CVE-2021-41082 Private message title and participating users leaked in discourse CWE-200 7.5 High2021-09-20
CVE-2021-39161 Cross-site scripting via category name in Discourse CWE-79 4.4 Medium2021-08-26
CVE-2021-37703 Information exposure in Discourse CWE-200 4.3 Medium2021-08-13
CVE-2021-37693 Re-use of email tokens in Discourse CWE-640 5.3 Medium2021-08-13
CVE-2021-37633 XSS via d-popover and d-html-popover attribute CWE-79 7.4 High2021-08-09
CVE-2021-32788 Post creator of a whisper post can be revealed to non-staff users in Discourse CWE-668 4.3 Medium2021-07-27
CVE-2021-32764 YouTube Onebox susceptible to XSS CWE-79 8.1 High2021-07-15
CVE-2019-1020018 Discourse 授权问题漏洞 5.3 -2019-07-29
CVE-2019-1020017 Discourse 访问控制错误漏洞 5.3 -2019-07-29

All 259 known CVE vulnerabilities affecting discourse with full Chinese analysis, references, and POCs where available.