Management of NVTs and CVEs


Unless your base image is somehow out of date (shouldn’t be possible, you’d be prevented from updating via the UI if it was), Discourse isn’t vulnerable to those nginx CVEs. You can see the version of Nginx used at discourse_docker/install-nginx at main · discourse/discourse_docker · GitHub, and looking at nginx security advisories 1.21.0+ isn’t vulnerable to CVEs listed.

How did you install Discourse? Did you follow the official install instructions? Any proxies in front of your instance?