12 matches found
EUVD-2025-206733
Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, private data exports can lead to data leaks if UUID generation produces collisions for the generated UUIDs. This issue has been patched in versions 0.30.4 an...
CVE-2025-65017 Decidim's private data exports can lead to data leaks
Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, private data exports can lead to data leaks if UUID generation produces collisions for the generated UUIDs. This issue has been patched in versions 0.30.4 an...
CVE-2025-65017
Decidim’s private data export vulnerability (CVE-2025-65017) affects Decidim versions 0.30.0–0.30.3 and 0.31.0.rc1–0.31.0, where UUID generation can collide, leading to data leaks via private data exports. The root cause is UUID collision during export generation, enabling potential exposure of p...
Malicious code in libxmljs2woter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb0d4800be662e443c5452e2dbf7088498563ea91fe9056e186e8e6f5d397c89 The package libxmljs2woter was found to contain malicious code. Source: ghsa-malware 5b498dbda523b62755dd841fc0e66d62bddb3feef9c4ca0d5078b7dec40fdd1c...
EUVD-2020-18835
Malware in sbrugna...
CVE-2020-26210
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...
OPENSUSE-SU-2022:10094-1 Security update for trivy
This update for trivy fixes the following issues: Update to version 0.30.4: fix: remove the first arg when running as a plugin 2595 fix: k8s controlplaner scanning 2593 fixvuln: GitLab report template 2578 Update to version 0.30.3: fixserver: use a new db worker for hot updates 2581 docs: add tri...
Security update for trivy (moderate)
openSUSE Security Update: Security update for trivy Announcement ID: openSUSE-SU-2022:10094-1 Rating: moderate References: 1199760 Cross-References: CVE-2022-1996 CVE-2022-23648 CVE-2022-28946 CVSS scores: CVE-2022-1996 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-1996 SUSE: 7....
OPENSUSE-SU-2022:10081-1 Security update for trivy
This update for trivy fixes the following issues: trivy was updated to version 0.30.4: fix: remove the first arg when running as a plugin 2595 fix: k8s controlplaner scanning 2593 fixvuln: GitLab report template 2578 Update to version 0.30.3: fixserver: use a new db worker for hot updates 2581...
Security update for trivy (moderate)
openSUSE Security Update: Security update for trivy Announcement ID: openSUSE-SU-2022:10081-1 Rating: moderate References: Cross-References: CVE-2022-1996 CVSS scores: CVE-2022-1996 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-1996 SUSE: 7.5...
BookStack cross-site scripting vulnerability (CNVD-2020-63954)
BookStack is an open source wiki documentation platform built with PHP and Laravel by the BookStackApp team. A cross-site scripting vulnerability exists in versions prior to BookStack 0.30.4, which stems from a lack of proper validation of client-side data by the web application. The...
CVE-2020-26210 Cross-Site Scripting in BookStack
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...