pkg:RubyGems/decidim

12 total CVEs: HIGH 5, MEDIUM 5, LOW 1

All known vulnerabilities

  • HIGH 8.1, CVE-2023-34089: Decidim Cross-site Scripting vulnerability in the processes filter
    >= 0.14.0, < 0.26.7
  • HIGH 7.5, CVE-2023-34090: Decidim vulnerable to sensitive data disclosure
    >= 0.27.0, < 0.27.3
  • HIGH 7.1, CVE-2024-41673: Decidim has a cross-site scripting vulnerability in the version control page
    from 0, < 0.27.8
  • HIGH 7.1, CVE-2024-32469: Decidim cross-site scripting (XSS) in the pagination
    from 0, < 0.27.6
  • HIGH 7.1, CVE-2023-36465: Decidim has broken access control in templates
    >= 0.23.2, < 0.26.8
  • MEDIUM 6.3, CVE-2023-51447: Cross-site scripting (XSS) in the dynamic file uploads
    >= 0.27.0, < 0.27.5
  • MEDIUM 6.1, CVE-2023-32693: Decidim Cross-site Scripting vulnerability in the external link redirections
    >= 0.25.0, < 0.26.7
  • MEDIUM 5.7, CVE-2023-48220: Possibility to circumvent the invitation token expiry period
    >= 0.0.1.alpha3, < 0.26.9
  • MEDIUM 5.4, CVE-2024-39910: Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSIWYG editor
    from 0, < 0.27.7
  • MEDIUM 5.3, CVE-2024-27090: Decidim vulnerable to data disclosure through the embed feature
    from 0, < 0.27.6
  • LOW 3.1, CVE-2023-47634: Race condition in Endorsements
    >= 0.10.0, < 0.26.9
  • CVE-2025-65017: Decidim's private data exports can lead to data leaks
    >= 0.30.0, < 0.30.4