Discourse

Category - Message Boards

Discourse is an open source internet forum and mailing list management software application



We have discovered  7,083 live websites   that are using Discourse.

Download Lead List
Download a sample report


Technology usage statistics

Websites using Discourse7,083 websites
Most popular in the country United States
Market position in Message Boards#10
Market share in Message Boards3.56%
Most popular version3.4

Security vulnerabilites


PublishedCVETitleDomains
Oct, 2024CVE-2024-47773Anonymous cache poisoning via XHR requests in Discourse2,963
Oct, 2024CVE-2024-43789Denial of service by the absence of restrictions on replies to posts in Discourse2,805
Oct, 2024CVE-2024-45051Bypass of email address validation via encoded email addresses in Discourse2,963
Oct, 2024CVE-2024-45297Prevent topic list filtering by hidden tags for unauthorized users in Discourse2,963
Oct, 2024CVE-2024-47772Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse2,963
Jul, 2024CVE-2024-37165Discourse has an XSS via Onebox system1,984
Jul, 2024CVE-2024-37299Discourse vulnerable to DoS via Tag Group2,018
Jul, 2024CVE-2024-39320Discourse allows iframe injection though default site setting2,018
Jul, 2024CVE-2024-38360Denial of service via Watched Words in Discourse1,984
Feb, 2024CVE-2024-23654discourse-ai admin-initiated SSRF when interacting with AI services5,368
Jan, 2024CVE-2024-23834Discourse improperly sanitized user input leads to XSS1,613
Jan, 2024CVE-2023-48297Discourse vulnerable to unlimited mentioned users in message serializer1,610
Jan, 2024CVE-2023-49099Discourse secure uploads accessible to guests even when login is required1,610
Jan, 2024CVE-2024-21655Insufficient control of custom field value sizes1,610
Nov, 2023CVE-2023-45806Discourse vulnerable to DoS via Regexp Injection in Full Name1,594
Nov, 2023CVE-2023-45816Unread bookmark reminder notifications that the user cannot access can be seen1,594
Nov, 2023CVE-2023-46130Bypassing height value allowed in some theme components1,594
Nov, 2023CVE-2023-47119HTML injection in oneboxed links1,594
Nov, 2023CVE-2023-47121Discourse SSRF vulnerability in Embedding1,594
Jul, 2023CVE-2023-37904Discourse Race Condition in Accept Invite1,306
Jul, 2023CVE-2023-37906Discourse vulnerable to DoS via post edit reason1,306
Jul, 2023CVE-2023-38498Discourse vulnerable to DoS via defer queue1,306
Jul, 2023CVE-2023-38684Discourse vulnerable to ossible DDoS due to unbounded limits in various controller actions1,306
Jul, 2023CVE-2023-38685Discourse's restricted tag information visible to unauthenticated users1,306
Jun, 2023CVE-2023-31142Discourse's general category permissions could be set back to default1,302
Jun, 2023CVE-2023-32061Discourse Topic Creation Page Allows iFrame Tag without Restrictions1,302
Jun, 2023CVE-2023-32301Discourse's canonical url not being used for topic embeddings1,302
Jun, 2023CVE-2023-34250Discourse vulnerable to exposure of number of topics recently created in private categories1,302
Mar, 2023CVE-2023-26040Discourse chat messages susceptible to Cross-site Scripting through chat excerpts1,313
Mar, 2023CVE-2023-25819Discourse tags with no visibility are leaking into og:article:tag1,313
Feb, 2023CVE-2023-25167Regular expression denial of service via installing themes via git in discourse1,292
Jan, 2023CVE-2023-22740Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts1,313
Jan, 2023CVE-2023-23621Discourse vulnerable to ReDoS in user agent parsing1,292
Jan, 2023CVE-2023-23624Discourse's exclude_tags param could leak which topics had a specific hidden tag1,292
Jan, 2023CVE-2022-23548Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an...913
Jan, 2023CVE-2022-46168Group SMTP user emails are exposed in CC email header913
Jan, 2023CVE-2022-46177Discourse password reset link can lead to in account takeover if user changes to a new email1,256
Jan, 2023CVE-2023-22453Discourse vulnerable to exposure of user post counts per topic to unauthorized users1,256
Jan, 2023CVE-2023-22454Discourse vulnerable to Cross-site Scripting through pending post titles descriptions1,256
Jan, 2023CVE-2023-22455Discourse vulnerable to Cross-site Scripting through tag descriptions1,256
Nov, 2022CVE-2022-46150Discourse may allow exposure of hidden tags in the subject of notification emails902
Nov, 2022CVE-2022-41921Discourse chat messages should have a maximum character limit928
Nov, 2022CVE-2022-41944Discourse users can see notifications for topics they no longer have access to901
Sep, 2022CVE-2022-36066Discourse vulnerable to RCE via admins uploading maliciously zipped file898
Sep, 2022CVE-2022-36068Discourse moderators can edit themes via the API898
Sep, 2022CVE-2022-39226Discourse user profile location and website fields were not sufficiently length-limited898
Sep, 2022CVE-2022-37458Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimit...897
Jun, 2022CVE-2022-31060Banner topic data is exposed on login-required Discourse sites889
Jun, 2022CVE-2022-31025Invite bypasses user approval in Discourse889
Apr, 2022CVE-2022-24866Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign2
Apr, 2022CVE-2022-24804Private group name exposure in discourse882
Jan, 2022CVE-2021-43850Denial of Service in discourse655
Nov, 2021CVE-2021-41271Cache poisoning via maliciously-formed request in discourse651
Aug, 2021CVE-2021-39161Cross-site scripting via category name in Discourse645
Aug, 2021CVE-2021-37693Re-use of email tokens in Discourse645
Aug, 2021CVE-2021-37703Information exposure in Discourse645
Aug, 2021CVE-2021-37633XSS via d-popover and d-html-popover attribute645
Jul, 2021CVE-2021-32788Post creator of a whisper post can be revealed to non-staff users in Discourse643
Jan, 2021CVE-2021-3138In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for c...639
Aug, 2019CVE-2019-15515Discourse 2.3.2 sends the CSRF token in the query string.204
Jul, 2019CVE-2019-1020017Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via ...141
Jul, 2019CVE-2019-1020018Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via ...141

Technology adoption

Recent changes in Discourse usage.
Websites that added Discourse 358
Websites that dropped Discourse 293
Websites that changed version of Discourse  3,613

Available Reports


Technology Information


Major Versions

  • 3.xx (23 subversions, 4,097 domains)
  • 2.xx (60 subversions, 1,212 domains)
  • 1.xx (16 subversions, 59 domains)

Discourse usage by Country

United States4,781 websites



Germany838 websites
France250 websites
Israel202 websites
Singapore153 websites
GB106 websites
European Union82 websites
China69 websites
Switzerland66 websites

Discourse usage by TLD

.com3,038 websites
.org1,198 websites
.net322 websites
.io294 websites
.de175 websites
.edu130 websites
.nl122 websites
.group110 websites
.fr69 websites
.co.uk64 websites

Discourse Versions

sorted by popularity
3.42,193 websites
3.3783 websites
2.9343 websites
3.2307 websites
3.1261 websites
3.3.2212 websites
2.8212 websites
3.3.1158 websites
2.6123 websites
2.7121 websites

See all Discourse versions ...

Websites utilizing Discourse

Top websites that use Discourse
DomainCountryRankContacts
businessinsider.com United States572
academia.edu United States2,759
columbia.edu United States3,599
plone.org United States5,106
community.cloudflare.com United States5,431
marketplace.digitalocean.com United States5,901
See full domain list

Alternative Technologies


bbPress: Total 43,358 domains found using bbPress
phpBB: Total 37,090 domains found using phpBB
BuddyPress: Total 26,480 domains found using BuddyPress
Discuz! X: Total 15,564 domains found using Discuz! X
XenForo: Total 10,609 domains found using XenForo
Altervista: Total 9,332 domains found using Altervista
vBulletin: Total 8,364 domains found using vBulletin
SMF: Total 7,537 domains found using SMF
IPB: Total 7,434 domains found using IPB
Asgaros Forum: Total 5,445 domains found using Asgaros Forum

FAQ

Discourse is Message Boards.
WebTechSurvey continually and systematically explores the internet, indexing technologies employed by websites, including Discourse. Our clients can obtain listings of websites utilizing Discourse through WebTechSurvey's platform.
There are 7,083 live websites that currently use Discourse.
Discourse has 3.56% market share in Message Boards.
The primary competing technologies to Discourse are bbPress, phpBB, BuddyPress, and Discuz! X.
Discourse contains multiple known security vulnerabilities, including CVE-2024-47773, CVE-2024-43789, CVE-2024-45051, and CVE-2024-45297.