pkg:RubyGems/decidim-core

6 total CVEsHIGH3MEDIUM2

✅ Check your installed version

All known vulnerabilities

  • HIGH8.7CVE-2026-23891Decidim has a cross-site scripting (XSS) in user name
    >= 0.31.0.rc1, < 0.31.1
  • HIGH8.1CVE-2023-34089Decidim Cross-site Scripting vulnerability in the processes filter
    >= 0.14.0, < 0.26.7
  • HIGH7.5CVE-2026-40869Decidim amendments can be accepted or rejected by anyone
    >= 0.31.0.rc1, < 0.31.1
  • MEDIUM6.3CVE-2023-51447Cross-site scripting (XSS) in the dynamic file uploads
    >= 0.27.0, < 0.27.5
  • MEDIUM6.1CVE-2023-32693Decidim Cross-site Scripting vulnerability in the external link redirections
    >= 0.27.0, < 0.27.3
  • CVE-2025-65017Decidim's private data exports can lead to data leaks
    >= 0.30.0, < 0.30.4