Vulnerabilities in decidim
19 results, ordered by EPSS (probability of exploitation in the wild) from highest to lowest:

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2023-34090 | HIGH | Decidim vulnerable to sensitive data disclosure | 1.0% |
| CVE-2023-48220 | MEDIUM | Decidim's devise_invitable gem vulnerable to circumvention of invitation token expiry period | 0.8% |
| CVE-2023-32693 | HIGH | Decidim cross-site scripting (XSS) vulnerability in the external link redirections | 0.6% |
| CVE-2023-34089 | HIGH | Decidim cross-site scripting (XSS) vulnerability in the processes filter | 0.6% |
| CVE-2023-36465 | CRITICAL | Decidim has broken access control in templates | 0.5% |
| CVE-2023-51447 | MEDIUM | Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads | 0.5% |
| CVE-2024-27090 | MEDIUM | Decidim vulnerable to data disclosure through the embed feature | 0.5% |
| CVE-2023-47634 | LOW | Decidim has a race condition in Endorsements | 0.4% |
| CVE-2024-32469 | HIGH | Decidim has cross-site scripting (XSS) in the pagination | 0.4% |
| CVE-2024-41673 | HIGH | Decidim has a cross-site scripting (XSS) vulnerability in the version control page | 0.4% |
| CVE-2026-23891 | CRITICAL | Decidim has a cross-site scripting (XSS) vulnerability via the user name field | 0.4% |
| CVE-2024-32034 | MEDIUM | Cross-site scripting (XSS) in the Decidim admin activity log | 0.4% |
| CVE-2024-27095 | MEDIUM | Decidim cross-site scripting (XSS) in the admin panel | 0.3% |
| CVE-2023-47635 | MEDIUM | Decidim vulnerable to possible CSRF attack at questionnaire templates preview | 0.3% |
| CVE-2026-40870 | HIGH | Decidim's comments API allows access to all commentable resources | 0.3% |
| CVE-2025-65017 | HIGH | Decidim's private data exports can lead to data leaks | 0.3% |
| CVE-2024-39910 | MEDIUM | Cross-site scripting (XSS) in the Decidim admin panel with the QuillJS WYSIWYG editor | 0.3% |
| CVE-2024-45594 | HIGH | Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds | 0.2% |
| CVE-2026-40869 | HIGH | Decidim amendments can be accepted or rejected by anyone | 0.2% |