Lookup for vulnerable packages by Package URL.

Purl pkg:gem/decidim@0.26.7
Type gem
Namespace
Name decidim
Version 0.26.7
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 0.26.7
Latest_non_vulnerable_version 0.30.4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-duuc-4122-tfha
vulnerability_id VCID-duuc-4122-tfha
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34089
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.34759
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34089
1
reference_url https://github.com/decidim/decidim/releases/tag/v0.26.6
reference_id
reference_type
scores
url https://github.com/decidim/decidim/releases/tag/v0.26.6
2
reference_url https://github.com/decidim/decidim/releases/tag/v0.26.7
reference_id
reference_type
scores
url https://github.com/decidim/decidim/releases/tag/v0.26.7
3
reference_url https://github.com/decidim/decidim/releases/tag/v0.27.3
reference_id
reference_type
scores
url https://github.com/decidim/decidim/releases/tag/v0.27.3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34089
reference_id CVE-2023-34089
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-34089
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-core/CVE-2023-34089.yml
reference_id CVE-2023-34089.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-core/CVE-2023-34089.yml
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-34089.yml
reference_id CVE-2023-34089.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-34089.yml
7
reference_url https://github.com/advisories/GHSA-5652-92r9-3fx9
reference_id GHSA-5652-92r9-3fx9
reference_type
scores
url https://github.com/advisories/GHSA-5652-92r9-3fx9
8
reference_url https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9
reference_id GHSA-5652-92r9-3fx9
reference_type
scores
url https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9
fixed_packages
0
url pkg:gem/decidim@0.26.7
purl pkg:gem/decidim@0.26.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim@0.26.7
1
url pkg:gem/decidim@0.27.3
purl pkg:gem/decidim@0.27.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim@0.27.3
aliases CVE-2023-34089, GHSA-5652-92r9-3fx9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-duuc-4122-tfha
1
url VCID-ydvj-rmfn-8uaz
vulnerability_id VCID-ydvj-rmfn-8uaz
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32693
reference_id
reference_type
scores
0
value 0.00227
scoring_system epss
scoring_elements 0.45563
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32693
1
reference_url https://github.com/decidim/decidim/releases/tag/v0.26.7
reference_id
reference_type
scores
url https://github.com/decidim/decidim/releases/tag/v0.26.7
2
reference_url https://github.com/decidim/decidim/releases/tag/v0.27.3
reference_id
reference_type
scores
url https://github.com/decidim/decidim/releases/tag/v0.27.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32693
reference_id CVE-2023-32693
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-32693
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-core/CVE-2023-32693.yml
reference_id CVE-2023-32693.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-core/CVE-2023-32693.yml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-32693.yml
reference_id CVE-2023-32693.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-32693.yml
6
reference_url https://github.com/advisories/GHSA-469h-mqg8-535r
reference_id GHSA-469h-mqg8-535r
reference_type
scores
url https://github.com/advisories/GHSA-469h-mqg8-535r
7
reference_url https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r
reference_id GHSA-469h-mqg8-535r
reference_type
scores
url https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r
fixed_packages
0
url pkg:gem/decidim@0.26.7
purl pkg:gem/decidim@0.26.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim@0.26.7
1
url pkg:gem/decidim@0.27.3
purl pkg:gem/decidim@0.27.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim@0.27.3
aliases CVE-2023-32693, GHSA-469h-mqg8-535r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydvj-rmfn-8uaz
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim@0.26.7