Discourse 3.1.0 Beta 4 Beta Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:*
part: a version: 3.1.0 update: beta4
| Vendor | Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225) |
|---|---|
| Product | Discourse (4347364d-ae10-5ab6-a9ec-6e7dcaf78dd8) |
| Edition | * |
| Language | * |
| Software edition | beta |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/discourse/discourse |
purl2cpe | 2026-06-01 10:13:03.589390 |
pkg:rpm/opensuse/discourse |
purl2cpe | 2026-06-01 10:13:03.589391 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-32376 |
vulnerable | 2026-06-03 15:00:40.687537 |
Discourse DM limits aren’t always properly enforced
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.
Published: 2025-04-30T14:55:21.473Z
Updated: 2025-04-30T15:08:52.268Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34250 |
vulnerable | 2026-06-03 14:52:16.131220 |
Discourse vulnerable to exposure of number of topics recently created in private categories
MEDIUM (4.8)
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
Published: 2023-06-13T21:41:29.652Z
Updated: 2025-01-02T21:08:05.472Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32301 |
vulnerable | 2026-06-03 14:51:58.151249 |
Discourse's canonical url not being used for topic embeddings
LOW (3.1)
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.
Published: 2023-06-13T21:35:38.188Z
Updated: 2025-01-02T21:05:51.203Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32061 |
vulnerable | 2026-06-03 14:51:57.454374 |
Discourse Topic Creation Page Allows iFrame Tag without Restrictions
MEDIUM (5.4)
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
Published: 2023-06-13T21:16:09.257Z
Updated: 2025-01-02T21:04:09.789Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-31142 |
vulnerable | 2026-06-03 14:51:54.694765 |
Discourse's general category permissions could be set back to default
LOW (2)
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.
Published: 2023-06-13T21:12:47.664Z
Updated: 2025-01-02T21:02:40.153Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.