Vulnerabilities in Discourse
279 results

CVE-2023-49099 [LOW] Discourse secure uploads accessible to guests even when login is required (EPSS 0.3%)
CVE-2023-31142 [LOW] Discourse's general category permissions could be set back to default (EPSS 0.3%)
CVE-2024-45297 [MEDIUM] Prevent topic list filtering by hidden tags for unauthorized users in Discourse (EPSS 0.3%)
CVE-2023-37467 [MEDIUM] Discourse CSP nonce reuse vulnerability for anonymous users (EPSS 0.3%)
CVE-2025-48053 [HIGH] Discourse vulnerable to DoS via large URL payload in PM to a bot (EPSS 0.3%)
CVE-2023-43814 [LOW] Exposure of poll options and votes to unauthorized users in Discourse (EPSS 0.3%)
CVE-2023-29196 [MEDIUM] HTML injection via topic embedding in Discourse (EPSS 0.3%)
CVE-2023-49098 [LOW] Reaction data for user notifications exposed in Discourse-reactions (EPSS 0.3%)
CVE-2026-27936 [MEDIUM] Discourse discloses restricted post-action counts to non-privileged users (EPSS 0.3%)
CVE-2026-32099 [MEDIUM] Discourse prevents hidden profile data leak via user onebox (EPSS 0.3%)
CVE-2025-68662 [HIGH] FinalDestination hostname matching allows SSRF protection bypass (EPSS 0.3%)
CVE-2025-49845 [MEDIUM] Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers (EPSS 0.3%)
CVE-2026-33394 [LOW] Discourse leaks PM post edits to moderators (EPSS 0.3%)
CVE-2026-33422 [LOW] Discourse exposes ip_address of flagged user (EPSS 0.3%)
CVE-2026-27021 [MEDIUM] Discourse: Poll voters endpoint lacked post visibility checks (EPSS 0.3%)
CVE-2022-23546 [MEDIUM] Discourse vulnerable to private topic leak via email#send_digest (EPSS 0.3%)
CVE-2026-30889 [MEDIUM] Discourse has Unauthorized Post Data Exposure in discourse-user-notes (EPSS 0.3%)
CVE-2026-33408 [LOW] Discourse has Improper Authorization in "Post Edits" Report For Moderators (EPSS 0.3%)
CVE-2026-33428 [MEDIUM] Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership (EPSS 0.3%)
CVE-2025-61598 [MEDIUM] Discourse is missing Cache-Control response header on error responses (EPSS 0.3%)