Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
rubygems decidim Security Advisories
Browse all Security Advisories for rubygems decidim
Loading...
High
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 2 months ago
GSA_kwCzR0hTQS1jYzRnLW0zZzcteG13OM4AA_5i
Decidim has a cross-site scripting vulnerability in the version control pageEcosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 2 months ago
Moderate
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 2 months ago
GSA_kwCzR0hTQS12dnF3LWZxd3gtbXFtbc4AA_kB
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editorEcosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 2 months ago
Moderate
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 4 months ago
GSA_kwCzR0hTQS03Y3g4LTQ0cGMteHYzcc4AA9w4
Decidim cross-site scripting (XSS) in the paginationEcosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 4 months ago
Moderate
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 4 months ago
GSA_kwCzR0hTQS1xY2o2LXZ4d3gtNHJxds4AA9wt
Decidim vulnerable to data disclosure through the embed featureEcosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 4 months ago
Moderate
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 9 months ago
GSA_kwCzR0hTQS05dzk5LTc4cmotaG14cc4AA5Zn
Cross-site scripting (XSS) in the dynamic file uploadsEcosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 9 months ago
Moderate
Ecosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 9 months ago
GSA_kwCzR0hTQS13M3E4LW00OTItNHB3cM4AA5Zd
Possibility to circumvent the invitation token expiry periodEcosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 9 months ago
Low
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 9 months ago
GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in EndorsementsEcosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 9 months ago
High
Ecosystems: rubygems
Packages: decidim, decidim-templates
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 1 year ago
GSA_kwCzR0hTQS02MzloLTg2aHctcWNqcc4AA2Qo
Decidim has broken access control in templatesEcosystems: rubygems
Packages: decidim, decidim-templates
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 1 year ago
Moderate
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 1 year ago
GSA_kwCzR0hTQS00NjloLW1xZzgtNTM1cs4AA0m3
Decidim Cross-site Scripting vulnerability in the external link redirectionsEcosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 1 year ago
High
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 1 year ago
GSA_kwCzR0hTQS01NjUyLTkycjktM2Z4Oc4AA0m4
Decidim Cross-site Scripting vulnerability in the processes filterEcosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 1 year ago
High
Ecosystems: rubygems
Packages: decidim-meetings, decidim
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: over 1 year ago
GSA_kwCzR0hTQS1qbTc5LTlwbTQtdnJ3Oc4AA0m2
Decidim vulnerable to sensitive data disclosureEcosystems: rubygems
Packages: decidim-meetings, decidim
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: over 1 year ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 1
Ecosystems: 12
Packages: 9,040
Repositories: 1
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
actionpack
60
nokogiri
43
rubygems-update
25
rack
23
puppet
23
activerecord
21
camaleon_cms
14
publify_core
14
activesupport
14
passenger
13
puma
12
actionview
12
decidim
11
rails
11
fat_free_crm
10
bootstrap
9
bootstrap
9
org.webjars:bootstrap
9
jquery-rails
9
twbs/bootstrap
9
rails-html-sanitizer
9
bootstrap
9
org.webjars.npm:jquery
8
jquery
8
bootstrap-sass
8
jQuery
7
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
jquery-ui
7
jQuery.UI.Combined
7
bootstrap.sass
7
rexml
7
org.jruby:jruby-stdlib
7
loofah
6
katello
6
doorkeeper
6
ember-source
6
grpcio
5
grpc
5
bundler
5
webrick
5
sinatra
5
spree
5
sidekiq
5
commonmarker
5
bootstrap-sass
5
spree_auth_devise
5
sanitize
4
fluentd
4
mail
4
rails_admin
4
activestorage
4
ruby-saml
4
carrierwave
4
dragonfly
4
avo
4
devise
4
resque
3
google-protobuf
3
com.google.protobuf:protobuf-kotlin
3
rubyzip
3
com.google.protobuf:protobuf-java
3
json-jwt
3
actiontext
3
openc3
3
gollum
3
omniauth
3
openc3
3
decidim-admin
3
activeadmin
3
decidim-core
3
rack-cors
3
io.grpc:grpc-protobuf
3
spina
3
openssl
3
phlex
3
rdoc
3
devise-two-factor
3
yard
3
geminabox
3
private_address_check
3
cgi
3
git
3
rest-client
3
chartkick
3
mapbox.js
2
pageflow
2
mapbox-rails
2
decidim-meetings
2
view_component
2
pyarrow
2
red-arrow
2
ruby-openid
2
user_agent_parser
2
com.google.protobuf:protobuf-kotlin-lite
2
mechanize
2
com.google.protobuf:protobuf-javalite
2
pghero
2
cocoapods-downloader
2
solidus_frontend
2
solidus_core
2
paperclip
2
net-ldap
2
json
2
actionmailer
2
facter
2
radiant
2
secure_headers
2
uri
2
echor
2
qiita-markdown
2
safemode
2
yajl-ruby
2
omniauth-saml
2
logstash-core
2
git-fastclone
2
httparty
2
bson
2
pdfkit
2
faye
2
administrate
2
sidekiq-unique-jobs
2
field_test
2
kaminari
2
decidim-templates
2
VladTheEnterprising
2
twitter-bootstrap-rails
2
ox
2
sprockets
2
@openc3/tool-common
2
redcarpet
2
mini_magick
2
i18n
2
omniauth-facebook
2
maximebf/debugbar
2
kramdown
2
org.webjars.npm:bootstrap
2
sup
2
bindata
1
decidim-decidim_awesome
1
jquery
1
lynx
1
omniauth-microsoft_graph
1
net.sf.mpxj:mpxj
1
mpxj
1
bolt
1
padrino-contrib
1
mpxj
1
net.sf.mpxj
1
request_store
1
net.sf.mpxj-for-csharp
1
net.sf.mpxj-for-vb
1
gon
1
diffy
1
rmagick
1
brbackup
1
kcapifony
1
personnummer
1
activejob
1
discordrb
1
turbo_boost-commands
1
@turbo-boost/commands
1
rotp
1
gtk2
1
command_wrap
1
em-http-request
1
redcloth
1
jruby-openssl
1
hammer_cli_foreman
1
kafo
1
ruby-mysql
1
gitaly
1
thumbshooter
1
smart_proxy_dynflow
1
sqlite-vec
1
sqlite-vec
1
redis-store
1
espeak-ruby
1
sqlite-vec
1
pgsync
1
nori
1
jquery-ujs
1
sqlite-vec
1
bio-basespace-sdk
1
rack-ssl
1
text_helpers
1
stringio
1
http
1
fastreader
1
svg_optimizer
1
rubocop
1
consul
1
colorscore
1
MPXJ.Net
1
curl
1
netaddr
1
omniauth_amazon
1
coming-soon
1
bitcoin_vanity
1
capistrano-colors
1
Filter by Repository