22 matches found
Discourse Information Disclosure Vulnerability (CNVD-2026-17257)
Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. An information disclosure vulnerability exists in Discourse, which can be exploited by attackers to cause sensitive operational data to b...
EUVD-2022-41823
Malicious code in bioql PyPI...
CVE-2025-46813
Discourse data-leak CVE-2025-46813 affects login-required sites deployed between 2025-04-30 12:00 EDT and 2025-05-02 12:00 EDT, where content on a site’s homepage could be visible to unauthenticated users. Affected are Discourse versions 3.5.0.beta4 before commit 82d84af6b0efbd9fa2aeec3e91ce7be1a...
CVE-2024-52794 Magnific lightbox susceptible to Cross-site Scripting in Discourse
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-47772
CVE-2024-47772: Discourse exposes a cross-site scripting (XSS) vulnerability via chat excerpts when CSP is disabled. An attacker can cause arbitrary JavaScript execution in a user’s browser by sending a maliciously crafted chat message and a reply. The issue affects sites with CSP disabled and is...
CVE-2024-27100 Denial of service via Staff Actions in Discourse
Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from a security vulnerability that stems from the use of parameters that allow the injection of arbitrarily large amounts of data...
Apache Answer Competitive Conditions Issue Vulnerability
Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and prior versions suffer from a race condition vulnerability, which arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during...
BIT-DISCOURSE-2023-45147 Arbitrary keys can be added to a topic's custom fields by any user in Discourse
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...
Design/Logic Flaw
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkabl...
Design/Logic Flaw
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...
CVE-2023-45147
Discourse (CVE-2023-45147) allows any user to add arbitrary keys to a topic's custom fields. Impact depends on installed plugins; with default plugins, impact is low/none. Patched in the latest Discourse: upgrade to version 3.1.1 (stable) or 3.2.0.beta2 (beta). If upgrade isn’t possible, disable ...
Samsung Members dynamic receiver code issue vulnerability
Samsung Members is a community platform app from Samsung, a South Korean company. A code issue vulnerability exists in versions prior to Samsung Members 4.2.005. The vulnerability stems from the fact that dynamic receivers in Samsung Members are not properly protected and can be exploited by...
Malicious code in ddg_community_platform (npm)
Source: ghsa-malware b2cef0b122b2bbe60dbc548a1742701b973e65a79378f42912a000400d99d38a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Samsung Members Access Control Error Vulnerability
Samsung Members is a community platform app from Samsung South Korea, Inc. An access control error vulnerability exists in versions prior to Samsung Members 13.6.08.5, which stems from a lack of proper access validation logic. A local attacker could exploit the vulnerability to execute the call...
CVE-2022-24804
Discourse is an open source platform for community discussion. Stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...
CVE-2022-24804 Private group name exposure in Discourse
Discourse is an open source platform for community discussion. Stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user...
CVE-2022-21684
Discourse (open source platform) contains a login-bypass vulnerability for invited users when must_approve_users is enabled. Affected versions: prior to 2.7.13 (stable) and 2.8.0.beta11 (beta/tests-passed) allow invited users to log in automatically and perform actions of approved users; after lo...
Discourse has an unspecified vulnerability (CNVD-2022-05509)
Discourse is an open source community discussion platform that includes community, email, and chat room features. Discourse has a security vulnerability that stems from a lack of filtering in the Polls feature for single-option voting...
Discourse Access Control Error Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. An access control error vulnerability exists in versions of Discourse prior to 2.3.0 and 2.4.x prior to 2.4.0.beta3, which stems from a network system or product that does not...