📦 Discourse
by Discourse
⚠️ Known Vulnerabilities
Discourse versions before 3.4.7 and 3.5.0.beta8 have a session fixation vulnerability in the WebAuthn 2FA implementation. When users authenticate with physical security keys, the server fails to clear the...
This vulnerability in Discourse allows attackers to execute arbitrary JavaScript within iframes when Codepen is included in the allowed_iframes setting. It affects all Discourse instances using vulner...
CVE-2021-41163 is a critical remote code execution vulnerability in Discourse that allows attackers to execute arbitrary code on affected servers through maliciously crafted webhook subscription URLs....
This vulnerability in Discourse allows attackers to obtain sensitive information about private resources through URL redirects. When users without proper permissions access permalinks to restricted co...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Discourse's FinalDestination component where hostname validation can be bypassed under certain conditions. This allows attacker...
This CVE describes an authorization bypass vulnerability in the Discourse discussion platform where subscription endpoints lack proper ownership verification before allowing modifications. Attackers could...
Discourse users on vulnerable versions can continue to view their own 'whisper' posts even after being removed from groups with whisper permissions. This creates an information disclosure vulnerabilit...
Discourse versions before 3.5.0.beta6 are vulnerable to cross-site scripting (XSS) when social logins are used without Content Security Policy (CSP) enabled. This allows attackers to inject malicious ...
This vulnerability allows HTML injection in Discourse email invitations when topic titles contain HTML. Attackers can inject malicious HTML into email bodies sent to users without accounts, potentiall...
This vulnerability allows attackers to poison the anonymous cache in Discourse by crafting requests with specific headers, potentially causing visitors to receive incomplete or incorrect page content....
This vulnerability allows attackers to poison the anonymous cache in Discourse through crafted XHR requests, potentially serving incomplete or manipulated content to anonymous visitors. Only anonymous...
This vulnerability allows attackers to download Discourse backup files through nginx misconfiguration when using local storage. Only Discourse instances configured with FileStore::LocalStore for uploa...
This vulnerability in Discourse allows authenticated users to create posts with many replies and then fetch them all at once, potentially causing denial of service by reducing instance availability. A...
This vulnerability in Discourse allows attackers to reduce availability through a denial-of-service attack by exploiting improper input validation in the Onebox feature. Attackers can craft malicious ...
Discourse's message serializer mishandles expanded chat mentions (@all and @here), creating excessively large user arrays that can cause denial of service. This affects all Discourse instances running...
Discourse chat messages can be read by unauthenticated attackers via a POST request to MessageBus, exposing private conversations. This affects all Discourse instances running vulnerable versions. The...
CVE-2023-44388 is a denial-of-service vulnerability in Discourse where malicious requests can rapidly fill production log files, causing servers to run out of disk space. This affects all Discourse ad...
Discourse had a vulnerability where private message titles and participant lists were exposed to unauthorized users when groups were included in messages. The vulnerability affected Discourse instance...
This Cross-Site Scripting (XSS) vulnerability in Discourse allows attackers to inject malicious scripts into d-popover tooltips, potentially compromising user sessions and data. Only sites that have m...
This CVE allows non-admin moderators in Discourse to view sensitive information in staff action logs that should be restricted to administrators only. The exposed data includes webhook secrets, API ke...
This vulnerability allows moderators in Discourse to improperly convert private personal messages into public topics, violating user privacy expectations. It affects Discourse instances running versio...
This CVE allows moderators in Discourse to access the 'top_uploads' admin report, which should be restricted to administrators only. The report reveals direct URLs to all uploaded files, potentially e...
A privilege escalation vulnerability in Discourse allows non-admin moderators to bypass email-change restrictions, potentially enabling account takeover of non-staff users. This affects Discourse inst...
This CVE allows Discourse moderators to view user archives containing private topic/post content, violating confidentiality. It affects Discourse instances with versions prior to 3.5.4, 2025.11.2, 202...
This CVE allows non-admin moderators with post ownership transfer permissions to change ownership of posts in private messages and restricted categories they cannot access, then export the data to vie...
This vulnerability allows authenticated users to submit specially crafted payloads to Discourse's drafts endpoint, causing O(n^2) processing that ties up worker threads for 35-60 seconds per request. ...
Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application-level denial of service vulnerability in the username change functionality. Attackers can send large JSON payloa...
This vulnerability in Discourse allows authenticated users to bypass AI persona access controls, gaining unauthorized access to staff-only AI personas and potentially sensitive data. Attackers can als...
This vulnerability in Discourse allows attackers to upload HTML or XML files to S3 storage that can execute scripts in the context of the S3/CDN domain. It affects all Discourse instances using S3 for...
This CVE describes a content-security-policy-mitigated cross-site scripting (XSS) vulnerability in Discourse's Math plugin when using the KaTeX variant. Attackers could potentially inject malicious sc...
This vulnerability in Discourse allows attackers to discover users' full names even when the 'enable_names' setting is disabled, by using partial username knowledge through UI or API. It affects Disco...
Discourse versions 3.5.0 and below contain an authorization bypass vulnerability in AI suggestion endpoints. Authenticated users can access restricted topic information by manipulating topic_id parame...
This CVE describes a data leak vulnerability in Discourse where unauthenticated users could view private content on the homepage of login-required sites. Only sites deployed between specific commits o...
This vulnerability allows attackers to bypass the user limit for direct messages (DMs) in Discourse, potentially creating DMs that include every user on a site. This affects all Discourse instances ru...
Discourse users who disabled direct messaging in their preferences could still be added to group direct messages in specific circumstances. This affects Discourse instances running vulnerable versions...
This vulnerability in Discourse allows authenticated users to send excessive URL requests to the inline onebox generation endpoint, causing denial of service to parts of the application. Only authenti...
This CVE allows attackers to execute arbitrary JavaScript in users' browsers by posting malicious onebox URLs in Discourse forums. It affects Discourse sites with Content Security Policy (CSP) disable...
This vulnerability allows attackers to execute arbitrary JavaScript in users' browsers by posting malicious video placeholder HTML elements in Discourse forums. Only Discourse sites with Content Secur...
Discourse sites using Discourse Connect (SSO) with local logins still enabled are vulnerable to authentication bypass. Attackers can create accounts and log in without proper SSO validation. This affe...
This CVE describes a cross-site scripting (XSS) vulnerability in Discourse's lightbox thumbnail feature. When users click on lightbox thumbnails, malicious scripts could execute in their browsers. All...
This vulnerability in Discourse allows attackers to submit extremely long tag group names in requests, which can cause resource exhaustion and reduce the availability of the platform. It affects all D...
This vulnerability in Discourse allows attackers to manipulate the FastImage library to redirect requests to internal Discourse IP addresses, potentially enabling server-side request forgery (SSRF). A...
This vulnerability allows a rogue staff user with administrative privileges in Discourse to suspend other staff users, preventing them from logging into the platform. It affects Discourse installation...