Nixpkgs security tracker

NIXPKGS-2026-0897

GitHub issue published on

Permalink CVE-2026-32618

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse removed maintainer @talyz 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search without authorization. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-pc8p-w2m7-hgf3 x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/81fd89e744058e509412158e5e6ac90c856ade64 x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

Ignored maintainers (1)

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-pc8p-w2m7-hgf3

NIXPKGS-2026-0900

GitHub issue published on

Permalink CVE-2026-33415

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse removed maintainer @talyz 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were not authorized to view. Insufficient access controls on a sentiment analytics endpoint allowed category permission boundaries to be bypassed. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-vj5f-gg8m-93xg x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/e1bb146a1fadc863a516fbc26c6277273a025308 x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

Ignored maintainers (1)

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-vj5f-gg8m-93xg

NIXPKGS-2026-0894

GitHub issue published on

Permalink CVE-2026-32951

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Discourse: Authorization bypass in oneboxer via user-controlled category id

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a category_id parameter matching the shared drafts category. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-v93g-8f4f-4rgm x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/0b4e6ff170362823d1cfe2a1a096785d0d77ee83 x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-v93g-8f4f-4rgm

NIXPKGS-2026-0896

GitHub issue published on

Permalink CVE-2026-32619

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse removed maintainer @talyz 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic, including voting and toggling poll status. No content was exposed, but users could modify poll state in topics they should no longer have access to. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-wq58-pvf6-w4p8 x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/d74ff25db994f06aa27e3466684f613b4e986ba6 x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

Ignored maintainers (1)

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-wq58-pvf6-w4p8

NIXPKGS-2026-0898

GitHub issue published on

Permalink CVE-2026-33073

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse removed maintainer @talyz 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

discourse-subscriptions plugin leaking stripe API key in multisite environment

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential for stripe related information to be leaked across sites within the same multisite cluster. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-f866-8fcp-fgvv x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/c34f2aac8dcd1ae2886fa84256f607bc003f9d80 x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

Ignored maintainers (1)

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-f866-8fcp-fgvv

NIXPKGS-2026-0899

GitHub issue published on

Permalink CVE-2026-32607

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Discourse: Stored XSS via unescaped assignee name

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritize_full_name_in_ux site setting is enabled (defaults to false, requires console access to change), user and group display names are rendered without HTML escaping in several assignment-related UI paths. This allows users with assign permission to inject arbitrary HTML/JavaScript that executes in the browser of any user viewing an affected topic. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-xg68-q7ff-6gqm x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/46edb174e237c6e57bda9c494160da0a174fe70d x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-xg68-q7ff-6gqm

NIXPKGS-2026-0892

GitHub issue published on

Permalink CVE-2026-32113

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Discourse: Open redirect via `sso_destination_url` cookie in `enter`

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the sso_destination_url cookie and redirects to it with allow_other_host: true without validating the destination URL. While this cookie is normally set during legitimate DiscourseConnect Provider flows with cryptographically validated SSO payloads, cookies are client-controlled and can be set by attackers. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-378j-ccw4-4fwh x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/080408b93d00305b51d71f63f755f43fa601884d x_refsource_MISC
https://meta.discourse.org/t/using-discourse-as-a-sso-provider/32974 x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-378j-ccw4-4fwh

NIXPKGS-2026-0893

GitHub issue published on

Permalink CVE-2026-32615

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Discourse: Category group moderators can perform actions on topics in restricted categories without read access

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read access to. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-pr9m-5hpq-wc57 x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/5a00b47523ec70cbb6e8efc3ac7677cc0a91448b x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-pr9m-5hpq-wc57

NIXPKGS-2026-0895

GitHub issue published on

Permalink CVE-2026-32143

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Discourse: Admin-only report can be exported by moderators

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could expose sensitive operational data intended only for admins. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-rhjf-mgqw-37wq x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/727029a2983a14b50bce19439fbf9840db8372aa x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-rhjf-mgqw-37wq

NIXPKGS-2026-0901

GitHub issue published on

Permalink CVE-2026-33074

updated 12 hours ago by @LeSuisse Activity log

Created automatic suggestion 15 hours ago
@LeSuisse removed package discourse-mail-receiver 12 hours ago
@LeSuisse removed package python312Packages.pydiscourse 12 hours ago
@LeSuisse removed package python313Packages.pydiscourse 12 hours ago
@LeSuisse removed package python314Packages.pydiscourse 12 hours ago
@LeSuisse removed package grafanaPlugins.grafana-discourse-datasource 12 hours ago
@LeSuisse removed maintainer @talyz 12 hours ago
@LeSuisse accepted 12 hours ago
@LeSuisse published on GitHub 12 hours ago

Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that comes along with a higher tier subscription. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

References

https://github.com/discourse/discourse/security/advisories/GHSA-9vg5-mp49-xghh x_refsource_CONFIRM
https://github.com/discourse/discourse/commit/c34f2aac8dcd1ae2886fa84256f607bc003f9d80 x_refsource_MISC

Affected products

discourse

==>= 2026.2.0-latest, < 2026.2.2
==>= 2026.1.0-latest, < 2026.1.3
==>= 2026.3.0-latest, < 2026.3.0

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2026.1.2
- nixpkgs-unstable 2026.1.2
- nixos-unstable-small 2026.1.2
nixos-25.11 2026.1.2
- nixos-25.11-small 2026.1.2
- nixpkgs-25.11-darwin 2026.1.2

Package maintainers

Ignored maintainers (1)

@talyz Kim Lindberger <kim.lindberger@gmail.com>

https://github.com/discourse/discourse/security/advisories/GHSA-9vg5-mp49-xghh

Published issues

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

Package maintainers