Package impact
RubyGems / decidim-core
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23891 | critical | — | 9.5 | 2mo ago | Decidim has a cross-site scripting (XSS) in user name | |||
| CVE-2026-40869 | unknown | — | — | 2mo ago | Decidim amendments can be accepted or rejected by anyone | |||
| CVE-2025-65017 | unknown | — | — | 4mo ago | Decidim's private data exports can lead to data leaks | |||
| CVE-2023-51447 | unknown | — | — | 2y ago | Cross-site scripting (XSS) in the dynamic file uploads | |||
| CVE-2023-32693 | unknown | — | — | 3y ago | Decidim Cross-site Scripting vulnerability in the external link redirections | |||
| CVE-2023-34089 | unknown | — | — | 3y ago | Decidim Cross-site Scripting vulnerability in the processes filter |