VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / decidim-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-23891 critical 9.5 2mo ago Decidim has a cross-site scripting (XSS) in user name
CVE-2026-40869 unknown 2mo ago Decidim amendments can be accepted or rejected by anyone