decidim
RubyGems12 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting decidimpage 1 of 1
- CVE-2023-32693HIGHCVSS 8.1EG 8.1✓ Fixed in 0.27.32023-07-11
vulnerable: 0.27.0, 0.27.1, 0.27.2
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. Th…
- CVE-2023-34089HIGHCVSS 8.1EG 8.1✓ Fixed in 0.27.32023-07-11
vulnerable: 0.27.0, 0.27.1, 0.27.2
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting.…
- CVE-2023-34090HIGHCVSS 7.5EG 7.5✓ Fixed in 0.27.32023-07-11
vulnerable: 0.27.0, 0.27.1, 0.27.2
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certa…
- CVE-2023-36465CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.27.42023-10-06
vulnerable: 0.27.0, 0.27.1, 0.27.2, 0.27.3
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allo…
- CVE-2023-47634LOWCVSS 3.1EG 3.1✓ Fixed in 0.27.52024-02-29
vulnerable: 0.27.0, 0.27.1, 0.27.2, 0.27.3, 0.27.4
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once e…
- CVE-2023-48220MEDIUMCVSS 5.7EG 5.7✓ Fixed in 0.27.52024-02-20
vulnerable: 0.27.0, 0.27.1, 0.27.2, 0.27.3, 0.27.4
Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the pas…
- CVE-2023-51447MEDIUMCVSS 6.3EG 6.3✓ Fixed in 0.27.52024-02-20
vulnerable: 0.27.0, 0.27.1, 0.27.2, 0.27.3, 0.27.4
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify…
- CVE-2024-27090MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.27.62024-07-10
vulnerable: 0.0.1 ... 0.9.3 (124 versions)
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or privat…
- CVE-2024-32469HIGHCVSS 7.1EG 7.1✓ Fixed in 0.28.12024-07-10
vulnerable: 0.28.0, 0.28.0.rc4, 0.28.0.rc5
Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.…
- CVE-2024-39910MEDIUMCVSS 5.4EG 5.4✓ Fixed in 0.27.72024-09-16
vulnerable: 0.0.1 ... 0.9.3 (125 versions)
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML bef…
- CVE-2024-41673HIGHCVSS 7.1EG 7.1✓ Fixed in 0.27.82024-10-01
vulnerable: 0.0.1 ... 0.9.3 (126 versions)
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8.
- CVE-2025-65017MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.30.42026-02-03
vulnerable: 0.30.0, 0.30.1, 0.30.2, 0.30.3
Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generate…
Check whether decidim is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for decidim CVEs against the assets you own.
Start Free Scan →