Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

decidim — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting decidim. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Decidim is an open-source digital platform for participatory democracy and citizen engagement, enabling governments and organizations to facilitate public consultations and collaborative decision-making. Historically, the platform has been susceptible to various vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, as evidenced by its 19 recorded CVEs. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities highlights the importance of regular security assessments and timely patching for organizations implementing this platform to maintain secure public engagement environments.

Top products by decidim: decidim
CVE IDTitleCVSSSeverityPublished
CVE-2026-40869 Decidim amendments can be accepted or rejected by anyone — decidimCWE-266 7.5 High2026-04-21
CVE-2026-40870 Decidim's comments API allows access to all commentable resources — decidimCWE-862 7.5 High2026-04-21
CVE-2026-23891 Decidim has a Cross-site scripting (XSS) vulnerability via user name field — decidimCWE-79 8.0 -2026-04-13
CVE-2025-65017 Decidim's private data exports can lead to data leaks — decidimCWE-200 6.5AIMediumAI2026-02-03
CVE-2024-45594 Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds — decidimCWE-79 7.7 High2024-11-13
CVE-2024-41673 Decidim has a cross-site scripting vulnerability in the version control page — decidimCWE-79 7.1 High2024-10-01
CVE-2024-39910 Cross-site scripting (XSS) in the decidim admin panel with QuillJS WYSWYG editor — decidimCWE-79 5.4 Medium2024-09-16
CVE-2024-32034 Cross-site scripting (XSS) in the decidim admin activity log — decidimCWE-79 6.8 Medium2024-09-16
CVE-2024-32469 Decidim has cross-site scripting (XSS) in the pagination — decidimCWE-79 7.1 High2024-07-10
CVE-2024-27095 Decidim cross-site scripting (XSS) in the admin panel — decidimCWE-79 5.4 Medium2024-07-10
CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature — decidimCWE-200 5.3 Medium2024-07-10
CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads — decidimCWE-79 6.3 Medium2024-02-20
CVE-2023-48220 Decidim's devise_invitable gem vulnerable to circumvention of invitation token expiry period — decidimCWE-672 5.7 Medium2024-02-20
CVE-2023-47635 Decidim vulnerable to possible CSRF attack at questionnaire templates preview — decidimCWE-918 4.5 Medium2024-02-20
CVE-2023-47634 Decidim has race condition in Endorsements — decidimCWE-362 3.1 Low2024-02-20
CVE-2023-36465 Decidim has broken access control in templates — decidimCWE-284 9.1 Critical2023-10-06
CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter — decidimCWE-79 8.1 High2023-07-11
CVE-2023-34090 Decidim vulnerable to sensitive data disclosure — decidimCWE-200 7.5 High2023-07-11
CVE-2023-32693 Decidim Cross-site Scripting vulnerability in the external link redirections — decidimCWE-79 8.1 High2023-07-11

This page lists every published CVE security advisory associated with decidim. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.