High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-20	CVE-2021-41082	Incorrect Authorization vulnerability in Discourse Discourse is a platform for community discussion. network low complexity discourse CWE-863	7.5
2021-08-13	CVE-2021-37693	Unspecified vulnerability in Discourse Discourse is an open-source platform for community discussion. network low complexity discourse	7.5
2021-01-14	CVE-2021-3138	Improper Restriction of Excessive Authentication Attempts vulnerability in Discourse In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. network low complexity discourse CWE-307	7.5
2019-07-29	CVE-2019-1020018	Improper Authentication vulnerability in Discourse Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. network low complexity discourse CWE-287	7.3