decidim — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in decidim, with AI-generated Chinese analysis, references, and POCs.

Vendor: decidim

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40869 | Decidim amendments can be accepted or rejected by anyone | CWE-266 | 7.5 | High | 2026-04-21 |
| CVE-2026-40870 | Decidim's comments API allows access to all commentable resources | CWE-862 | 7.5 | High | 2026-04-21 |
| CVE-2026-23891 | Decidim has a Cross-site scripting (XSS) vulnerability via user name field | CWE-79 | 8.0 | - | 2026-04-13 |
| CVE-2025-65017 | Decidim's private data exports can lead to data leaks | CWE-200 | 6.5 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2024-45594 | Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds | CWE-79 | 7.7 | High | 2024-11-13 |
| CVE-2024-41673 | Decidim has a cross-site scripting vulnerability in the version control page | CWE-79 | 7.1 | High | 2024-10-01 |
| CVE-2024-39910 | Cross-site scripting (XSS) in the decidim admin panel with QuillJS WYSWYG editor | CWE-79 | 5.4 | Medium | 2024-09-16 |
| CVE-2024-32034 | Cross-site scripting (XSS) in the decidim admin activity log | CWE-79 | 6.8 | Medium | 2024-09-16 |
| CVE-2024-32469 | Decidim has cross-site scripting (XSS) in the pagination | CWE-79 | 7.1 | High | 2024-07-10 |
| CVE-2024-27095 | Decidim cross-site scripting (XSS) in the admin panel | CWE-79 | 5.4 | Medium | 2024-07-10 |
| CVE-2024-27090 | Decidim vulnerable to data disclosure through the embed feature | CWE-200 | 5.3 | Medium | 2024-07-10 |
| CVE-2023-51447 | Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads | CWE-79 | 6.3 | Medium | 2024-02-20 |
| CVE-2023-48220 | Decidim's devise_invitable gem vulnerable to circumvention of invitation token expiry period | CWE-672 | 5.7 | Medium | 2024-02-20 |
| CVE-2023-47635 | Decidim vulnerable to possible CSRF attack at questionnaire templates preview | CWE-918 | 4.5 | Medium | 2024-02-20 |
| CVE-2023-47634 | Decidim has race condition in Endorsements | CWE-362 | 3.1 | Low | 2024-02-20 |
| CVE-2023-36465 | Decidim has broken access control in templates | CWE-284 | 9.1 | Critical | 2023-10-06 |
| CVE-2023-34089 | Decidim Cross-site Scripting vulnerability in the processes filter | CWE-79 | 8.1 | High | 2023-07-11 |
| CVE-2023-34090 | Decidim vulnerable to sensitive data disclosure | CWE-200 | 7.5 | High | 2023-07-11 |
| CVE-2023-32693 | Decidim Cross-site Scripting vulnerability in the external link redirections | CWE-79 | 8.1 | High | 2023-07-11 |
