Severity  CVSS  Advisory title (affected version ranges on the line below)
CRITICAL 9.9  CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
from 0, < 2.7.9
CRITICAL 9.8  Discourse SSRF vulnerability in Embedding
  Affected: from 0, < 3.2.0
CRITICAL 9.1  Bypass of Discourse Connect using other login paths if enabled in Discourse
  Affected: from 0, < 3.3.3
HIGH 8.8  User can bypass approval when invited to Discourse
  Affected: from 0, < 2.7.13
HIGH 8.8  Discourse user account takeover via email and invite link
  Affected: from 0, < 2.8.10
HIGH 8.2  Discourse has a poll authorization bypass via post_id array parameter
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
HIGH 8.2  Anonymous cache poisoning via XHR requests in Discourse
  Affected: from 0, < 3.3.2
HIGH 8.2  Anonymous cache poisoning via request headers in Discourse
  Affected: from 0, < 3.3.2
HIGH 8.2  Bypass of email address validation via encoded email addresses in Discourse
  Affected: from 0, < 3.3.2
HIGH 8.2  Anonymous cache poisoning via XHR requests in Discourse
  Affected: from 0, < 3.3.2
HIGH 8.1  Discourse password reset link can lead to account takeover if user changes to a new email
  Affected: from 0, < 2.8.14
HIGH 8.1  Discourse's SSRF protection missing for some FastImage requests
  Affected: from 0, < 3.1.0
HIGH 7.5  Discourse has IDOR vulnerability in the directory items endpoint
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
HIGH 7.5  Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
HIGH 7.5  Discourse vulnerable to DoS via Tag Group
  Affected: from 0, < 3.2.5
HIGH 7.5  Discourse vulnerable to DoS through Onebox
  Affected: from 0, < 3.2.3
HIGH 7.5  No rate limits on POST /uploads endpoint in Discourse
  Affected: from 0, < 3.2.1
HIGH 7.5  Disclosure of the existence of secret categories with custom backgrounds in Discourse
  Affected: from 0, < 3.2.1
HIGH 7.5  In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
  Affected: from 0, <= 2.6.0
HIGH 7.5  Re-use of email tokens in Discourse
  Affected: from 0, < 2.7.8
HIGH 7.5  Email activation route can be abused by spammers in Discourse
  Affected: from 0, <= 2.8.6
HIGH 7.5  Discourse vulnerable to ReDoS in user agent parsing
  Affected: from 0, < 3.0.1
HIGH 7.5  Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses
  Affected: from 0, < 3.1.0
HIGH 7.5  Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions
  Affected: from 0, < 3.0.6
HIGH 7.5  Malicious requests can fill up the log files resulting in a denial of service in Discourse
  Affected: from 0, <= 3.1.1
HIGH 7.5  Unauthenticated access to new private chat messages in Discourse
  Affected: from 0, <= 3.1.1
HIGH 7.5  Discourse DoS through Onebox favicon URL
  Affected: >= 3.1.0, < 3.1.3
HIGH 7.5  Discourse vulnerable to unlimited mentioned users in message serializer
  Affected: from 0, < 3.1.4
HIGH 7.2  Discourse vulnerable to RCE via admins uploading maliciously zipped file
  Affected: from 0, < 2.8.9
HIGH 7.2  Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.
  Affected: from 0, < 2.8.8
MEDIUM 6.8  Denial of Service in Discourse
  Affected: from 0, < 2.7.12
MEDIUM 6.8  Discourse is an open source discussion platform.
  Affected:
>= 1.1.0-beta1, <= 1.1.0-beta1, >= 1.1.0-beta2, <= 1.1.0-beta2, >= 1.1.0-beta3, <= 1.1.0-beta3, >= 1.1.0-beta4, <= 1.1.0-beta4, >= 1.1.0-beta5, <= 1.1.0-beta5, >= 1.1.0-beta6, <= 1.1.0-beta6, >= 1.1.0-beta6b, <= 1.1.0-beta6b, >= 1.1.0-beta7, <= 1.1.0-beta7, >= 1.1.0-beta8, <= 1.1.0-beta8, >= 1.2.0-beta1, <= 1.2.0-beta1, >= 1.2.0-beta2, <= 1.2.0-beta2, >= 1.2.0-beta3, <= 1.2.0-beta3, >= 1.2.0-beta4, <= 1.2.0-beta4, >= 1.2.0-beta5, <= 1.2.0-beta5, >= 1.2.0-beta6, <= 1.2.0-beta6, >= 1.2.0-beta7, <= 1.2.0-beta7, >= 1.2.0-beta8, <= 1.2.0-beta8, >= 1.2.0-beta9, <= 1.2.0-beta9, >= 1.3.0-beta1, <= 1.3.0-beta1, >= 1.3.0-beta10, <= 1.3.0-beta10, >= 1.3.0-beta11, <= 1.3.0-beta11, >= 1.3.0-beta2, <= 1.3.0-beta2, >= 1.3.0-beta3, <= 1.3.0-beta3, >= 1.3.0-beta4, <= 1.3.0-beta4, >= 1.3.0-beta5, <= 1.3.0-beta5, >= 1.3.0-beta6, <= 1.3.0-beta6, >= 1.3.0-beta7, <= 1.3.0-beta7, >= 1.3.0-beta8, <= 1.3.0-beta8, >= 1.3.0-beta9, <= 1.3.0-beta9, >= 1.4.0-beta1, <= 1.4.0-beta1, >= 1.4.0-beta10, <= 1.4.0-beta10, >= 1.4.0-beta11, <= 1.4.0-beta11, >= 1.4.0-beta12, <= 1.4.0-beta12, >= 1.4.0-beta2, <= 1.4.0-beta2, >= 1.4.0-beta3, <= 1.4.0-beta3, >= 1.4.0-beta4, <= 1.4.0-beta4, >= 1.4.0-beta5, <= 1.4.0-beta5, >= 1.4.0-beta6, <= 1.4.0-beta6, >= 1.4.0-beta7, <= 1.4.0-beta7, >= 1.4.0-beta8, <= 1.4.0-beta8, >= 1.4.0-beta9, <= 1.4.0-beta9, >= 1.5.0-beta1, <= 1.5.0-beta1, >= 1.5.0-beta10, <= 1.5.0-beta10, >= 1.5.0-beta11, <= 1.5.0-beta11, >= 1.5.0-beta12, <= 1.5.0-beta12, >= 1.5.0-beta13, <= 1.5.0-beta13, >= 1.5.0-beta13b, <= 1.5.0-beta13b, >= 1.5.0-beta14, <= 1.5.0-beta14, >= 1.5.0-beta2, <= 1.5.0-beta2, >= 1.5.0-beta3, <= 1.5.0-beta3, >= 1.5.0-beta4, <= 1.5.0-beta4, >= 1.5.0-beta5, <= 1.5.0-beta5, >= 1.5.0-beta6, <= 1.5.0-beta6, >= 1.5.0-beta7, <= 1.5.0-beta7, >= 1.5.0-beta8, <= 1.5.0-beta8, >= 1.5.0-beta9, <= 1.5.0-beta9, >= 1.6.0-beta1, <= 1.6.0-beta1, >= 1.6.0-beta10, <= 1.6.0-beta10, >= 1.6.0-beta11, <= 1.6.0-beta11, >= 1.6.0-beta12, <= 1.6.0-beta12, >= 1.6.0-beta2, <= 1.6.0-beta2, >= 1.6.0-beta3, 
<= 1.6.0-beta3, >= 1.6.0-beta4, <= 1.6.0-beta4, >= 1.6.0-beta5, <= 1.6.0-beta5, >= 1.6.0-beta6, <= 1.6.0-beta6, >= 1.6.0-beta7, <= 1.6.0-beta7, >= 1.6.0-beta8, <= 1.6.0-beta8, >= 1.6.0-beta9, <= 1.6.0-beta9, >= 1.7.0-beta1, <= 1.7.0-beta1, >= 1.7.0-beta10, <= 1.7.0-beta10, >= 1.7.0-beta11, <= 1.7.0-beta11, >= 1.7.0-beta2, <= 1.7.0-beta2, >= 1.7.0-beta3, <= 1.7.0-beta3, >= 1.7.0-beta4, <= 1.7.0-beta4, >= 1.7.0-beta5, <= 1.7.0-beta5, >= 1.7.0-beta6, <= 1.7.0-beta6, >= 1.7.0-beta7, <= 1.7.0-beta7, >= 1.7.0-beta8, <= 1.7.0-beta8, >= 1.7.0-beta9, <= 1.7.0-beta9, >= 1.8.0-beta1, <= 1.8.0-beta1, >= 1.8.0-beta10, <= 1.8.0-beta10, >= 1.8.0-beta11, <= 1.8.0-beta11, >= 1.8.0-beta12, <= 1.8.0-beta12, >= 1.8.0-beta13, <= 1.8.0-beta13, >= 1.8.0-beta2, <= 1.8.0-beta2, >= 1.8.0-beta3, <= 1.8.0-beta3, >= 1.8.0-beta4, <= 1.8.0-beta4, >= 1.8.0-beta5, <= 1.8.0-beta5, >= 1.8.0-beta6, <= 1.8.0-beta6, >= 1.8.0-beta7, <= 1.8.0-beta7, >= 1.8.0-beta8, <= 1.8.0-beta8, >= 1.8.0-beta9, <= 1.8.0-beta9, >= 1.9.0-beta1, <= 1.9.0-beta1, >= 1.9.0-beta10, <= 1.9.0-beta10, >= 1.9.0-beta11, <= 1.9.0-beta11, >= 1.9.0-beta12, <= 1.9.0-beta12, >= 1.9.0-beta13, <= 1.9.0-beta13, >= 1.9.0-beta14, <= 1.9.0-beta14, >= 1.9.0-beta15, <= 1.9.0-beta15, >= 1.9.0-beta16, <= 1.9.0-beta16, >= 1.9.0-beta17, <= 1.9.0-beta17, >= 1.9.0-beta2, <= 1.9.0-beta2, >= 1.9.0-beta3, <= 1.9.0-beta3, >= 1.9.0-beta4, <= 1.9.0-beta4, >= 1.9.0-beta5, <= 1.9.0-beta5, >= 1.9.0-beta6, <= 1.9.0-beta6, >= 1.9.0-beta7, <= 1.9.0-beta7, >= 1.9.0-beta8, <= 1.9.0-beta8, >= 1.9.0-beta9, <= 1.9.0-beta9, >= 2.0.0-beta1, <= 2.0.0-beta1, >= 2.0.0-beta10, <= 2.0.0-beta10, >= 2.0.0-beta2, <= 2.0.0-beta2, >= 2.0.0-beta3, <= 2.0.0-beta3, >= 2.0.0-beta4, <= 2.0.0-beta4, >= 2.0.0-beta5, <= 2.0.0-beta5, >= 2.0.0-beta6, <= 2.0.0-beta6, >= 2.0.0-beta7, <= 2.0.0-beta7, >= 2.0.0-beta8, <= 2.0.0-beta8, >= 2.0.0-beta9, <= 2.0.0-beta9, >= 2.1.0-beta1, <= 2.1.0-beta1, >= 2.1.0-beta2, <= 2.1.0-beta2, >= 2.1.0-beta3, <= 2.1.0-beta3, >= 2.1.0-beta4, <= 2.1.0-beta4, 
>= 2.1.0-beta5, <= 2.1.0-beta5, >= 2.1.0-beta6, <= 2.1.0-beta6, >= 2.2.0-beta1, <= 2.2.0-beta1, >= 2.2.0-beta10, <= 2.2.0-beta10, >= 2.2.0-beta2, <= 2.2.0-beta2, >= 2.2.0-beta3, <= 2.2.0-beta3, >= 2.2.0-beta4, <= 2.2.0-beta4, >= 2.2.0-beta5, <= 2.2.0-beta5, >= 2.2.0-beta6, <= 2.2.0-beta6, >= 2.2.0-beta7, <= 2.2.0-beta7, >= 2.2.0-beta8, <= 2.2.0-beta8, >= 2.2.0-beta9, <= 2.2.0-beta9, >= 2.3.0-beta1, <= 2.3.0-beta1, >= 2.3.0-beta10, <= 2.3.0-beta10, >= 2.3.0-beta11, <= 2.3.0-beta11, >= 2.3.0-beta2, <= 2.3.0-beta2, >= 2.3.0-beta3, <= 2.3.0-beta3, >= 2.3.0-beta4, <= 2.3.0-beta4, >= 2.3.0-beta5, <= 2.3.0-beta5, >= 2.3.0-beta6, <= 2.3.0-beta6, >= 2.3.0-beta7, <= 2.3.0-beta7, >= 2.3.0-beta8, <= 2.3.0-beta8, >= 2.3.0-beta9, <= 2.3.0-beta9, >= 2.4.0-beta1, <= 2.4.0-beta1, >= 2.4.0-beta10, <= 2.4.0-beta10, >= 2.4.0-beta11, <= 2.4.0-beta11, >= 2.4.0-beta2, <= 2.4.0-beta2, >= 2.4.0-beta3, <= 2.4.0-beta3, >= 2.4.0-beta4, <= 2.4.0-beta4, >= 2.4.0-beta5, <= 2.4.0-beta5, >= 2.4.0-beta6, <= 2.4.0-beta6, >= 2.4.0-beta7, <= 2.4.0-beta7, >= 2.4.0-beta8, <= 2.4.0-beta8, >= 2.4.0-beta9, <= 2.4.0-beta9, >= 2.5.0-beta1, <= 2.5.0-beta1, >= 2.5.0-beta2, <= 2.5.0-beta2, >= 2.5.0-beta3, <= 2.5.0-beta3, >= 2.5.0-beta4, <= 2.5.0-beta4, >= 2.5.0-beta5, <= 2.5.0-beta5, >= 2.5.0-beta6, <= 2.5.0-beta6, >= 2.5.0-beta7, <= 2.5.0-beta7, >= 2.6.0-beta1, <= 2.6.0-beta1, >= 2.6.0-beta2, <= 2.6.0-beta2, >= 2.6.0-beta3, <= 2.6.0-beta3, >= 2.6.0-beta4, <= 2.6.0-beta4, >= 2.6.0-beta5, <= 2.6.0-beta5, >= 2.6.0-beta6, <= 2.6.0-beta6, >= 2.7.0-beta1, <= 2.7.0-beta1, >= 2.7.0-beta2, <= 2.7.0-beta2, >= 2.7.0-beta3, <= 2.7.0-beta3, >= 2.7.0-beta4, <= 2.7.0-beta4, >= 2.7.0-beta5, <= 2.7.0-beta5, >= 2.7.0-beta6, <= 2.7.0-beta6, >= 2.7.0-beta7, <= 2.7.0-beta7, >= 2.7.0-beta8, <= 2.7.0-beta8, >= 2.7.0-beta9, <= 2.7.0-beta9, >= 2.8.0-beta1, <= 2.8.0-beta1, >= 2.8.0-beta10, <= 2.8.0-beta10, >= 2.8.0-beta11, <= 2.8.0-beta11, >= 2.8.0-beta2, <= 2.8.0-beta2, >= 2.8.0-beta3, <= 2.8.0-beta3, >= 2.8.0-beta4, <= 2.8.0-beta4, 
>= 2.8.0-beta5, <= 2.8.0-beta5, >= 2.8.0-beta6, <= 2.8.0-beta6, >= 2.8.0-beta7, <= 2.8.0-beta7, >= 2.8.0-beta8, <= 2.8.0-beta8, >= 2.8.0-beta9, <= 2.8.0-beta9, >= 2.9.0-beta1, <= 2.9.0-beta1, >= 2.9.0-beta10, <= 2.9.0-beta10, >= 2.9.0-beta11, <= 2.9.0-beta11, >= 2.9.0-beta12, <= 2.9.0-beta12, >= 2.9.0-beta13, <= 2.9.0-beta13, >= 2.9.0-beta14, <= 2.9.0-beta14, >= 2.9.0-beta2, <= 2.9.0-beta2, >= 2.9.0-beta3, <= 2.9.0-beta3, >= 2.9.0-beta4, <= 2.9.0-beta4, >= 2.9.0-beta5, <= 2.9.0-beta5, >= 2.9.0-beta6, <= 2.9.0-beta6, >= 2.9.0-beta7, <= 2.9.0-beta7, >= 2.9.0-beta8, <= 2.9.0-beta8, >= 2.9.0-beta9, <= 2.9.0-beta9, >= 3.0.0-beta15, <= 3.0.0-beta15, >= 3.0.0-beta16, <= 3.0.0-beta16, >= 3.1.0-beta1, <= 3.1.0-beta1, >= 3.1.0-beta2, <= 3.1.0-beta2, >= 3.1.0-beta3, <= 3.1.0-beta3, >= 3.1.0-beta5, <= 3.1.0-beta5, >= 3.1.0-beta6, <= 3.1.0-beta6
MEDIUM 6.5  Discourse filters whisper posts from private-posts feed
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 6.5  Discourse prevents hidden profile data leak via user onebox
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 6.5  Discourse doesn't ensure webhooks require a token
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
MEDIUM 6.5  Discourse staff action logs expose sensitive information to moderators
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
MEDIUM 6.5  Discourse topic conversion permission vulnerability for moderators
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
MEDIUM 6.5  Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2026.1.0
MEDIUM 6.5  Partial denial of service via inline oneboxes in Discourse
  Affected: from 0, < 3.3.3
MEDIUM 6.5  Discourse missing authorization checks for suspending admins/moderators
  Affected: from 0, < 3.2.3
MEDIUM 6.5  Denial of service through invites in Discourse
  Affected: from 0, < 3.2.1
MEDIUM 6.5  Denial of service via Staff Actions in Discourse
  Affected: from 0, < 3.2.1
MEDIUM 6.5  Discourse is an open source discussion platform.
  Affected: from 0, < 2.8.14
MEDIUM 6.5  Discourse vulnerable to bypass of post max_length using HTML comments
  Affected: from 0, < 2.8.14
MEDIUM 6.5  Denial of Service in Discourse
  Affected: from 0, < 2.8.1
MEDIUM 6.5  Discourse is an open source discussion platform.
  Affected: >= 2.9.0-beta5, <= 2.9.0-beta5, >= 2.9.0-beta6, <= 2.9.0-beta6, >= 2.9.0-beta7, <= 2.9.0-beta7, >= 2.9.0-beta8, <= 2.9.0-beta8, >= 2.9.0-beta9, <= 2.9.0-beta9
MEDIUM 6.5  Users erroneously and transparently added to private messages in Discourse
  Affected: from 0, < 2.8.10
MEDIUM 6.5  Discourse subject to Allocation of Resources Without Limits or Throttling
  Affected: from 0, < 3.0.1
MEDIUM 6.5  Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts
  Affected: from 0, < 3.0.1
MEDIUM 6.5  Discourse is an open-source discussion platform.
  Affected: >= 3.1.0-beta2, <= 3.1.0-beta2
MEDIUM 6.5  Discourse is an open source discussion platform.
  Affected: >= 3.1.0-beta5, <= 3.1.0-beta5
MEDIUM 6.5  Discourse vulnerable to DoS via defer queue
  Affected: from 0, < 3.0.6
MEDIUM 6.5  Discourse vulnerable to DoS via drafts
  Affected: from 0, < 3.1.1
MEDIUM 6.5  Discourse DoS via 2FA and Security Key Names
  Affected: from 0, < 3.1.1
MEDIUM 6.5  Discourse DoS via remote theme assets
  Affected: from 0, < 3.1.1
MEDIUM 6.5  Discourse DoS via SvgSprite cache
  Affected: from 0, < 3.1.1
MEDIUM 6.1  Discourse allows script execution in uploaded HTML/XML files on S3
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
MEDIUM 6.1  Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow
  Affected: from 0, < 3.5.0
MEDIUM 6.1  Discourse vulnerable to HTML injection when inviting to topic via email
  Affected: from 0, < 3.4.4
MEDIUM 6.1  HTMLi (XSS without CSP) via Onebox urls in Discourse
  Affected: from 0, < 3.4.0
MEDIUM 6.1  Stored DOM-based XSS (without CSP) via video placeholders in Discourse
  Affected: from 0, < 3.4.0
MEDIUM 6.1  Magnific lightbox susceptible to Cross-site Scripting in Discourse
  Affected: from 0, < 3.3.3
MEDIUM 6.1  Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse
  Affected: from 0, < 3.3.2
MEDIUM 6.1  Discourse has an XSS via Onebox system
  Affected: from 0, < 3.2.3
MEDIUM 6.1  Discourse allows iframe injection through default site setting
  Affected: from 0, < 3.2.5
MEDIUM 6.1  Discourse vulnerable to stored DOM XSS via Facebook Oneboxes
  Affected: from 0, < 3.2.3
MEDIUM 6.1  XSS via d-popover and d-html-popover attribute
  Affected: from 0, < 2.7.8
MEDIUM 6.1  XSS via blocked watched word in error message
  Affected: from 0, <= 2.7.7
MEDIUM 6.1  Discourse vulnerable to Cross-site Scripting through pending post titles descriptions
  Affected: from 0, < 2.8.14
MEDIUM 6.1  Discourse vulnerable to Cross-site Scripting through tag descriptions
  Affected: from 0, < 2.8.14
MEDIUM 6.1  HTML injection via topic embedding in Discourse
  Affected: from 0, < 3.1.0
MEDIUM 6.1  CSP nonce reuse vulnerability in Discourse
  Affected: from 0, < 3.0.5
MEDIUM 6.1  HTML injection in oneboxed links
  Affected: from 0, < 3.2.0
MEDIUM 6.1  Discourse improperly sanitized user input leads to XSS
  Affected: from 0, < 3.2.0
MEDIUM 5.9  Potential Backup file leaked via Nginx in Discourse
  Affected: from 0, < 3.3.3
MEDIUM 5.7  Invites restricted to an email or invite links restricted to an email domain may be bypassed under certain conditions in Discourse
  Affected: from 0, <= 2.8.4
MEDIUM 5.7  Regular expression denial of service via installing themes via git in Discourse
  Affected: from 0, < 3.0.1
MEDIUM 5.5  Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint
  Affected: from 0, < 2026.3.0
MEDIUM 5.5  Discourse vulnerable to private topic leak via email#send_digest
  Affected: from 0, < 2.9.0
MEDIUM 5.4  Discourse: XSS on category description update via API
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
MEDIUM 5.4  Discourse's solved topic stream has potential stored XSS in topic title
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 5.4  Discourse hardens chat DM channel creation and expansion
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 5.4  Discourse has stored click-based XSS via Graphviz SVG javascript: links
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 5.4  Discourse has a Hidden Solved topics permission bypass
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 5.4  Discourse vulnerable to HTML injection via prohibited iframe URLs
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 5.4  Discourse's discourse-policy plugin lacks post access check
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
MEDIUM 5.4  Discourse non-admin moderators can exfiltrate private content via post ownership transfer
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
MEDIUM 5.4  Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
MEDIUM 5.4  Discourse is vulnerable to XSS when quoting chat messages
  Affected: from 0, < 3.5.1
MEDIUM 5.4  Cross-site Scripting (XSS) via topic titles when CSP disabled in Discourse
  Affected: from 0, < 3.3.3
MEDIUM 5.4  YouTube Onebox susceptible to XSS
  Affected: from 0, <= 2.7.5
MEDIUM 5.4  Cross-site scripting via category name in Discourse
  Affected: from 0, < 2.7.8
MEDIUM 5.4  Discourse allows self-XSS through malicious composer message
  Affected: from 0, < 2.8.11
MEDIUM 5.4  Discourse vulnerable to Cross-site Scripting in local oneboxes
  Affected: from 0, < 2.8.13
MEDIUM 5.4  Discourse vulnerable to Cross-site Scripting - user name displayed on post
  Affected: from 0, < 3.1.0
MEDIUM 5.4  Stored Cross-site Scripting via improper sanitization of svg files in Discourse
  Affected: from 0, < 3.1.0 | from 0, <= 3.0.2
MEDIUM 5.4  Cross-site Scripting via email preview when CSP disabled in Discourse
  Affected: from 0, <= 3.1.1
MEDIUM 5.4  Discourse vulnerable to DoS via Regexp Injection in Full Name
  Affected: from 0, < 3.2.0
MEDIUM 5.4  Bypassing height value allowed in some theme components
  Affected: from 0, < 3.2.0
MEDIUM 5.3  Discourse: Cached outdated summaries can leak removed content
  Affected: from 0, < 2026.1.4, >= 2026.3.0, < 2026.3.1, >= 2026.4.0, < 2026.4.1
MEDIUM 5.3  Discourse has check revision visibility on posts endpoint
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 5.3  Discourse has DoS vulnerability in username change endpoint
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
MEDIUM 5.3  Discourse subscriptions are susceptible to takeover
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
MEDIUM 5.3  Discourse vulnerable to Server-Side Request Forgery via FastImage
  Affected: from 0, < 3.2.3
MEDIUM 5.3  Disclosure of the existence of secret subcategories in Discourse
  Affected: from 0, < 3.2.1
MEDIUM 5.3  Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function.
  Affected: >= 2.3.2, < 2.3.3, >= 2.6.0, < 2.6.1
MEDIUM 5.3  Cache poisoning via maliciously-formed request in Discourse
  Affected: from 0, <= 2.7.9
MEDIUM 5.3  Anonymous user cache poisoning via development-mode header in Discourse
  Affected: from 0, < 2.7.11
MEDIUM 5.3  Group advanced search option may leak group and group's members visibility
  Affected: from 0, <= 2.7.12
MEDIUM 5.3  Private group name exposure in Discourse
  Affected: from 0, < 2.8.3
MEDIUM 5.3  Anonymous user cache poisoning in Discourse
  Affected: from 0, < 2.8.3
MEDIUM 5.3  Invite bypasses user approval in Discourse
  Affected: from 0, < 2.8.4
MEDIUM 5.3  Banner topic data is exposed on login-required Discourse sites
  Affected: from 0, < 2.8.4
MEDIUM 5.3  Cache poisoning via maliciously-formed request in Discourse
  Affected: from 0, < 2.8.7
MEDIUM 5.3  Displaying user badges can leak topic titles to users that have no access to the topic
  Affected: from 0, < 2.8.9
MEDIUM 5.3  Discourse vulnerable to exposure of user post counts per topic to unauthorized users
  Affected: from 0, < 2.8.14
MEDIUM 5.3  Malicious users in Discourse can create spam topics as any user due to improper access control
  Affected: from 0, < 3.0.1
MEDIUM 5.3  Discourse restricted tag routes leak topic information
  Affected: from 0, < 3.0.1
MEDIUM 5.3  Discourse's exclude_tags param could leak which topics had a specific hidden tag
  Affected: from 0, < 3.0.1
MEDIUM 5.3  Discourse tags with no visibility are leaking into og:article:tag
  Affected: from 0, < 3.1.0
MEDIUM 5.3  Discourse's general category permissions could be set back to default
  Affected: from 0, < 3.0.4
MEDIUM 5.3  Discourse Topic Creation Page Allows iFrame Tag without Restrictions
  Affected: from 0, < 3.0.4
MEDIUM 5.3  Discourse's canonical url not being used for topic embeddings
  Affected: from 0, < 3.0.4
MEDIUM 5.3  Discourse vulnerable to exposure of number of topics recently created in private categories
  Affected: from 0, < 3.0.4
MEDIUM 5.3  Prevent unauthorized access to summary details in Discourse
  Affected: from 0, <= 3.1.1
MEDIUM 4.9  Users can see other user's tagged PMs in Discourse
  Affected: from 0, < 3.4.0
MEDIUM 4.9  Denial of service via Watched Words in Discourse
  Affected: from 0, < 3.2.3
MEDIUM 4.9  Possible Server-Side Request Forgery (SSRF) in webhooks
  Affected: from 0, < 2.8.10
MEDIUM 4.9  Discourse vulnerable to multisite DoS by spamming backups
  Affected: from 0, < 3.1.0 | from 0, <= 3.0.1
MEDIUM 4.9  Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse
  Affected: from 0, < 3.1.0 | from 0, <= 3.0.1
MEDIUM 4.3  Discourse: Authorization bypass in oneboxer via user-controlled category id
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
MEDIUM 4.3  Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
MEDIUM 4.3  PM access granted through invites after access revocation
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 4.3  Discourse exposes ip_address of flagged user
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 4.3  Discourse fixes loose hostname matching in spam host allowlist
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
MEDIUM 4.3  Discourse doesn't scope reviewable notes to user-visible reviewables
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
MEDIUM 4.3  Discourse AI Suggestions Contain Insecure Direct Object Reference
  Affected: from 0, < 3.5.1
MEDIUM 4.3  Discourse may bypass user preference when adding users to chat groups
  Affected: from 0, < 3.4.0
MEDIUM 4.3  Potential bypass of chat permissions in Discourse
  Affected: from 0, < 3.3.3
MEDIUM 4.3  Prevent topic list filtering by hidden tags for unauthorized users in Discourse
  Affected: from 0, < 3.3.2
MEDIUM 4.3  Denial of service by the absence of restrictions on replies to posts in Discourse
  Affected: from 0, < 3.3.1
MEDIUM 4.3  Discourse doesn't limit reviewable user serializer payload
  Affected: from 0, < 3.2.3
MEDIUM 4.3  Post creator of a whisper post can be revealed to non-staff users in Discourse
  Affected: from 0, < 2.7.7
MEDIUM 4.3  Information exposure in Discourse
  Affected: from 0, < 2.7.8
MEDIUM 4.3  Notifications leak in Discourse
  Affected: from 0, < 2.7.11
MEDIUM 4.3  Bypass of Poll voting limits in Discourse
  Affected: from 0, < 2.7.11
MEDIUM 4.3  Exposure of whisper participants in Discourse
  Affected: from 0, < 2.7.13
MEDIUM 4.3  User's bio visible even if profile is restricted in Discourse
  Affected: from 0, < 2.7.13
MEDIUM 4.3  Secure category names leaked via user activity export in Discourse
  Affected: from 0, < 2.8.3
MEDIUM 4.3  Category group permissions leaked in Discourse
  Affected: from 0, < 2.8.2
MEDIUM 4.3  Discourse moderators can edit themes via the API
  Affected: from 0, < 2.8.9
MEDIUM 4.3  Discourse user profile location and website fields were not sufficiently length-limited
  Affected: from 0, < 2.8.9
MEDIUM 4.3  Discourse chat messages should have a maximum character limit
  Affected: from 0, < 2.9.0
MEDIUM 4.3  Discourse users can see notifications for topics they no longer have access to
  Affected: from 0, < 2.8.12
MEDIUM 4.3  Discourse may allow exposure of hidden tags in the subject of notification emails
  Affected: from 0, < 2.8.13
MEDIUM 4.3  Any authenticated Discourse user can create an unlisted topic
  Affected: from 0, < 2.8.14
MEDIUM 4.3  Discourse membership requests lack character limit
  Affected: from 0, < 3.0.1
MEDIUM 4.3  Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users
  Affected: from 0, < 3.0.0
MEDIUM 4.3  Presence of restricted personal Discourse messages may be leaked if tagged with a tag
  Affected: from 0, < 3.0.1
MEDIUM 4.3  Topic Title Validation Skipped When Changing Category in Discourse
  Affected: from 0, < 3.0.5
MEDIUM 4.3  Discourse vulnerable to DoS via post edit reason
  Affected: from 0, < 3.0.6
MEDIUM 4.3  Discourse's restricted tag information visible to unauthenticated users
  Affected: from 0, < 3.0.6
MEDIUM 4.3  Discourse secure uploads accessible to guests even when login is required
  Affected: from 0, < 3.1.4
MEDIUM 4.3  Insufficient control of custom field value sizes
  Affected: from 0, < 3.1.4
LOW 3.8  Discourse users can edit or synonymize hidden tags they can't see
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
LOW 3.7  Exposure of poll options and votes to unauthorized users in Discourse
  Affected: from 0, <= 3.1.1
LOW 3.5  Group SMTP user emails are exposed in CC email header
  Affected: from 0, < 2.8.14
LOW 3.3  Unread bookmark reminder notifications that the user cannot access can be seen
  Affected: from 0, < 3.2.0
LOW 3.1  Discourse has race condition when adding users to a group DM
  Affected: from 0, < 3.4.0
LOW 3.1  Discourse Race Condition in Accept Invite
  Affected: from 0, < 3.0.6
LOW 3.1  Arbitrary keys can be added to a topic's custom fields by any user in Discourse
  Affected: from 0, <= 3.1.1
LOW 2.7  Discourse has Improper Authorization in "Post Edits" Report For Moderators
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
LOW 2.7  Discourse leaks PM post edits to moderators
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
LOW 2.7  Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse
  Affected: from 0, < 3.3.3
LOW 2.7  Denial of service via admin theme import route in Discourse
  Affected: from 0, < 3.0.3
—  Discourse has a subscription access bypass in its discourse-subscriptions plugin
  Affected: from 0, < 2026.1.4, >= 2026.3.0, < 2026.3.1, >= 2026.4.0, < 2026.4.1
—  Discourse: Information Disclosure in Form Template API Due to Missing Authorization
  Affected: from 0, < 2026.1.4, >= 2026.3.0, < 2026.3.1, >= 2026.4.0, < 2026.4.1
—  Discourse: Staged user custom fields are exposed on public invite pages
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Hidden tag visibility bypass on tag routes
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Group SMTP test endpoint susceptible to SSRF
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  discourse-subscriptions plugin leaking stripe API key in multisite environment
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Missing post-level authorization allows whisper metadata disclosure
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Category group moderators can perform actions on topics in restricted categories without read access
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Stored XSS via unescaped assignee name
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Stored XSS in discourse-ai shared conversations onebox
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Admin-only report can be exported by moderators
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse: Open redirect via `sso_destination_url` cookie in `enter`
  Affected: >= 2026.1.0, < 2026.1.3, >= 2026.2.0, < 2026.2.2
—  Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse Authorization Page Displays Unvalidated Redirect Domain
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse has inferable private group membership or existence via exclude_groups parameter
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse staff can modify any user's group notification level
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse user can create Zendesk tickets even when they do not have access to topic
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse's unscoped status lookups leak restricted metadata
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse has Unauthorized Exposure of Private User Action Types
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse has Unauthorized Post Data Exposure in discourse-user-notes
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse missing permission check for policy creation in discourse-policy
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.4.0
—  Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.4.0
—  Discourse discloses restricted post-action counts to non-privileged users
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.4.0
—  Discourse leaks private topic metadata to non-authorized users
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.4.0
—  Discourse leaks private topic title and post excerpt via user action API endpoint
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse has Stored XSS in AI Triage Automation
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse has a bypass of official warnings messages by non-staff users
  Affected: >= 2026.1.0, < 2026.1.2, >= 2026.2.0, < 2026.2.1, >= 2026.3.0, < 2026.3.0
—  Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse doesn't prevent whispers from leaking in excerpts
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse has XSS when editing a malicious post
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse doesn't prevent moderators from exporting user Chat DMs
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse has DM communication-preference bypass when adding members
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse doesn't validate destination topic when moving posts
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse doesn't ensure guardian check when creating QueryGroupBookmark
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse has SQL injection in PM tag filtering
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse: Poll voters endpoint lacked post visibility checks
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse: TL4 users are able to change status of restricted topics
  Affected: from 0, < 2025.12.2, >= 2026.1.0, < 2026.1.1
—  Discourse has insecure default configuration that allows non-admin moderators to take over any non-staff account via email change
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
—  Discourse moderators can access admin-only reports exposing private upload URLs
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
—  Discourse user archives leaked to users with moderation privileges
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2026.1.0
—  Discourse AI Discover's continue conversation allows threat actor to impersonate user
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2025.12.1, >= 2026.1.0, < 2026.1.0
—  Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users
  Affected: from 0, < 3.5.4, >= 2025.11.0, < 2025.11.2, >= 2025.12.0, < 2026.2.0
—  Users are able to find users by name even when `enable_names` is off
  Affected: from 0, < 3.5.3, >= 2025.11.0, < 2025.11.1
—  Discourse is missing Cache-Control response header on error responses
  Affected: from 0, < 3.6.2
—  Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments
  Affected: from 0, < 3.5.1
—  Discourse welcome banner user name XSS
  Affected: from 0, < 3.5.0
—  Discourse's WebAuthn challenge isn't cleared from user session after authentication
  Affected: from 0, < 3.4.7
—  Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers
  Affected: from 0, < 3.4.6
—  Discourse vulnerable to auto-execution of third-party code in embedded CodePen iframe
  Affected: from 0, < 3.4.4
—  Discourse vulnerable to DoS via large URL payload in PM to a bot
  Affected: from 0, < 3.4.4
—  Discourse DM limits aren’t always properly enforced
  Affected: from 0, < 3.4.3