decidim

Top products

The 15 most recently published vulnerabilities affecting decidim.

• CVE-2026-40869Decidim amendments can be accepted or rejected by anyone7.5Apr 21, 2026
• CVE-2026-40870Decidim's comments API allows access to all commentable resources7.5Apr 21, 2026
• CVE-2026-23891Decidim has a Cross-site scripting (XSS) vulnerability via user name field8.7Apr 13, 2026
• CVE-2025-65017Decidim's private data exports can lead to data leaks6.5Feb 3, 2026
• CVE-2024-45594Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds7.7Nov 13, 2024
• CVE-2024-41673Decidim has a cross-site scripting vulnerability in the version control page7.1Oct 1, 2024
• CVE-2024-39910Cross-site scripting (XSS) in the decidim admin panel with QuillJS WYSWYG editor5.4Sep 16, 2024
• CVE-2024-32034Cross-site scripting (XSS) in the decidim admin activity log6.8Sep 16, 2024
• CVE-2024-32469Decidim has cross-site scripting (XSS) in the pagination7.1Jul 10, 2024
• CVE-2024-27095Decidim cross-site scripting (XSS) in the admin panel5.4Jul 10, 2024
• CVE-2024-27090Decidim vulnerable to data disclosure through the embed feature5.3Jul 10, 2024
• CVE-2023-51447Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads6.3Feb 20, 2024
• CVE-2023-48220Decidim's devise_invitable gem vulnerable to circumvention of invitation token expiry period5.7Feb 20, 2024
• CVE-2023-47635Decidim vulnerable to possible CSRF attack at questionnaire templates preview4.5Feb 20, 2024
• CVE-2023-47634Decidim has race condition in Endorsements3.1Feb 20, 2024