4 matches found

Positive Technologies
added 2026/02/03 12:0 a.m. · 3 views

PT-2026-6353

Impact: Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer (currently 2025-09-23). This issue was discovered by running the following spec several times...

CVSS 8.2 · AI score 5.8 · EPSS 0.00044
Exploits: 0 · References: 9
RubySec
added 2026/02/03 12:0 a.m. · 12 views

Decidim's private data exports can lead to data leaks

Impact: Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer (currently 2025-09-23). This issue was discovered by running the following spec several times...

CVSS 8.2 · AI score 5.5 · EPSS 0.00044
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/10/01 12:0 a.m. · 2 views

PT-2024-29498 · Decidim · Decidim

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.8

Description: The version control feature in Decidim is subject to a potential cross-site scripting (XSS) attack through a malformed URL. This issue was discovered during a security audit organized by Open Source...

CVSS 7.1 · AI score 6.2 · EPSS 0.00416
Exploits: 0 · References: 13
Positive Technologies
added 2024/02/20 12:0 a.m. · 2 views

PT-2024-13556 · Rubygems +2 · Devise Invitable +3

Name of the Vulnerable Software and Affected Versions: decidim versions 0.0.1.alpha3 through 0.26.8; decidim-admin versions 0.0.1.alpha3 through 0.26.8; decidim-system versions 0.0.1.alpha3 through 0.26.8; devise invitable versions 0.4.rc3 through 2.0.8

Description: The invites feature in the devise...

CVSS 7.4 · AI score 7.3 · EPSS 0.00584
Exploits: 0 · References: 16