Discourse ↗

Discourse · Collaboration

Track your version:Monitors Discourse and tailors your dashboard to that exact version.

2026.5.0 · latest cycle74/100 Good

Summary iPlain-English security verdict for Discourse, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Discourse currently scores 74/100 — good. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 2026.5.0. It's largely safe; apply minor updates as they appear.

Disclosure trend iNew CVEs published for Discourse each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19

'20

'21

'22

'23

'24

'25

'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2021-41163 CRITICAL Injection EPSS 20% → fixed in 2.7.9 CVE-2022-36066 CRITICAL Unrestricted file upload EPSS 2% → fixed in 2.8.9 CVE-2025-53102 CRITICAL CWE-384 EPSS 0% → fixed in 3.4.6 CVE-2025-48877 CRITICAL CWE-1038 EPSS 0% → fixed in 3.5.0

See all 252 known Discourse CVEs & security history →

Get alerted about Discourse

Be emailed the moment Discourse gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Discourse — no marketing, no sharing, and we never know what you run. Track your whole stack →

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Discourse release line is supported — and when it sunsets. Select a line for its full report.

Sept30'26 Discourse 2026.1EOL 2026-09-30

Jul31'26 Discourse 2026.5EOL 2026-07-31

Jun30'26 Discourse 2026.4EOL 2026-06-30

May28'26 Discourse 2026.3ended 2026-05-28

Apr28'26 Discourse 2026.2ended 2026-04-28

Feb26'26 Discourse 2025.12ended 2026-02-26

Jan28'26 Discourse 2025.11ended 2026-01-28

Jan28'26 Discourse 3.5ended 2026-01-28

Aug19'25 Discourse 3.4ended 2025-08-19

Full Discourse end-of-life dates & support timeline →

2026.5 latest 2026.5.0 Supported until 2026-07-312026.5.0 → 2026.4 latest 2026.4.1 Supported until 2026-06-302026.4.1 → 2026.3 latest 2026.3.1 End of life ended 2026-05-282026.3.1 → 2026.2 latest 2026.2.2 End of life ended 2026-04-282026.2.2 → 2026.1 latest 2026.1.4 Supported until 2026-09-302026.1.4 → 2025.12 latest 2025.12.2 End of life ended 2026-02-262025.12.2 → 2025.11 latest 2025.11.2 End of life ended 2026-01-282025.11.2 → 3.5 latest 3.5.4 End of life ended 2026-01-283.5.4 → 3.4 latest 3.4.7 End of life ended 2025-08-193.4.7 → See all upcoming end-of-life dates →

Frequently asked

Is Discourse safe and patched?

What should I do about Discourse now?

Upgrade Discourse to the latest supported release (2026.5.0) or later and apply available security updates, then confirm against Discourse's official advisory.

When does Discourse reach end-of-life?

The latest supported Discourse release is 2026.5.0. After end-of-life a release no longer receives security patches.

Which versions of Discourse are still receiving security updates?

Supported Discourse release lines (latest 2026.5.0): 2026.5, 2026.4, 2026.1. End-of-life releases no longer receive security patches.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Discourse's official advisory before you patch or upgrade — Discourse official site ↗