| CVE-2025-65017 |
unknown |
— |
— |
|
|
|
4mo ago |
Decidim's private data exports can lead to data leaks |
| CVE-2024-41673 |
unknown |
— |
— |
|
|
|
2y ago |
Decidim has a cross-site scripting vulnerability in the version control page |
| CVE-2024-39910 |
unknown |
— |
— |
|
|
|
2y ago |
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor |
| CVE-2024-32469 |
unknown |
— |
— |
|
|
|
2y ago |
Decidim cross-site scripting (XSS) in the pagination |
| CVE-2024-27090 |
unknown |
— |
— |
|
|
|
2y ago |
Decidim vulnerable to data disclosure through the embed feature |
| CVE-2023-51447 |
unknown |
— |
— |
|
|
|
2y ago |
Cross-site scripting (XSS) in the dynamic file uploads |
| CVE-2023-47634 |
unknown |
— |
— |
|
|
|
2y ago |
Race condition in Endorsements |
| CVE-2023-48220 |
unknown |
— |
— |
|
|
|
2y ago |
Possibility to circumvent the invitation token expiry period |
| CVE-2023-36465 |
unknown |
— |
— |
|
|
|
3y ago |
Decidim has broken access control in templates |
| CVE-2023-32693 |
unknown |
— |
— |
|
|
|
3y ago |
Decidim Cross-site Scripting vulnerability in the external link redirections |
| CVE-2023-34090 |
unknown |
— |
— |
|
|
|
3y ago |
Decidim vulnerable to sensitive data disclosure |
| CVE-2023-34089 |
unknown |
— |
— |
|
|
|
3y ago |
Decidim Cross-site Scripting vulnerability in the processes filter |