Launch Week Day 1: Announcing Security Design Review
Start for Free
rubygems

decidim

View on rubygems registry
12 Total advisories
12 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
RubyGems

CVE-2025-65017

Decidim's private data exports can lead to data leaks
HIGH 7.5
RubyGems

CVE-2023-34090

Decidim vulnerable to sensitive data disclosure
LOW 3.1
RubyGems

CVE-2023-47634

Race condition in Endorsements
HIGH 7.1
RubyGems

CVE-2024-32469

Decidim cross-site scripting (XSS) in the pagination
HIGH 7.1
RubyGems

CVE-2024-41673

Decidim has a cross-site scripting vulnerability in the version control page
MEDIUM 5.4
RubyGems

CVE-2024-39910

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
MEDIUM 5.3
RubyGems

CVE-2024-27090

Decidim vulnerable to data disclosure through the embed feature
MEDIUM 6.3
RubyGems

CVE-2023-51447

Cross-site scripting (XSS) in the dynamic file uploads
MEDIUM 5.7
RubyGems

CVE-2023-48220

Possibility to circumvent the invitation token expiry period
HIGH 7.1
RubyGems

CVE-2023-36465

Decidim has broken access control in templates
HIGH 8.1
RubyGems

CVE-2023-34089

Decidim Cross-site Scripting vulnerability in the processes filter
MEDIUM 6.1
RubyGems

CVE-2023-32693

Decidim Cross-site Scripting vulnerability in the external link redirections

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes