RubyGems package
decidim-core
pkg:gem/decidim-core
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40869 | Hig | 7.5 | >= 0.31.0.rc1, < 0.31.1 | 0.31.1 | Apr 21, 2026 | Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the ame | |
| CVE-2026-23891 | Hig | 8.7 | >= 0.31.0.rc1, < 0.31.1 | 0.31.1 | Apr 13, 2026 | Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a commen | |
| CVE-2025-65017 | — | >= 0.30.0, < 0.30.4 | 0.30.4 | Feb 3, 2026 | Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. This issue has been patched in v | ||
| CVE-2023-51447 | — | >= 0.27.0, < 0.27.5 | 0.27.5 | Feb 20, 2024 | Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uplo | ||
| CVE-2023-34089 | — | >= 0.14.0, < 0.26.7 | 0.26.7 | Jul 11, 2023 | Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute | ||
| CVE-2023-32693 | — | >= 0.27.0, < 0.27.3 | 0.27.3 | Jul 11, 2023 | Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute Ja |
- affected >= 0.31.0.rc1, < 0.31.1fixed 0.31.1
Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the ame
- affected >= 0.31.0.rc1, < 0.31.1fixed 0.31.1
Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a commen
- CVE-2025-65017Feb 3, 2026affected >= 0.30.0, < 0.30.4fixed 0.30.4
Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. This issue has been patched in v
- CVE-2023-51447Feb 20, 2024affected >= 0.27.0, < 0.27.5fixed 0.27.5
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uplo
- CVE-2023-34089Jul 11, 2023affected >= 0.14.0, < 0.26.7fixed 0.26.7
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute
- CVE-2023-32693Jul 11, 2023affected >= 0.27.0, < 0.27.3fixed 0.27.3
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute Ja