pkg:RubyGems/decidim

All known vulnerabilities

• HIGH8.1CVE-2023-34089Decidim Cross-site Scripting vulnerability in the processes filter
  >= 0.14.0, < 0.26.7
• HIGH7.5CVE-2023-34090Decidim vulnerable to sensitive data disclosure
  >= 0.27.0, < 0.27.3
• HIGH7.1CVE-2024-41673Decidim has a cross-site scripting vulnerability in the version control page
  from 0, < 0.27.8
• HIGH7.1Decidim cross-site scripting (XSS) in the pagination
  from 0, < 0.27.6
• HIGH7.1Decidim has broken access control in templates
  >= 0.23.2, < 0.26.8
• MEDIUM6.3Cross-site scripting (XSS) in the dynamic file uploads
  >= 0.27.0, < 0.27.5
• MEDIUM6.1Decidim Cross-site Scripting vulnerability in the external link redirections
  >= 0.25.0, < 0.26.7
• MEDIUM5.7Possibility to circumvent the invitation token expiry period
  >= 0.0.1.alpha3, < 0.26.9
• MEDIUM5.4Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
  from 0, < 0.27.7
• MEDIUM5.3Decidim vulnerable to data disclosure through the embed feature
  from 0, < 0.27.6
• LOW3.1Race condition in Endorsements
  >= 0.10.0, < 0.26.9
• —Decidim's private data exports can lead to data leaks
  >= 0.30.0, < 0.30.4