Package impact
RubyGems / avo
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42205 | high | 8.8 | 8.8 | 1mo ago | Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources | |||
| CVE-2026-33209 | unknown | — | — | 3mo ago | Avo has a XSS vulnerability on `return_to` param | |||
| CVE-2024-22411 | unknown | — | — | 2y ago | Cross-site scripting (XSS) in Action messages on Avo | |||
| CVE-2024-22191 | unknown | — | — | 2y ago | avo vulnerable to stored cross-site scripting (XSS) in key_value field | |||
| CVE-2023-34102 | unknown | — | — | 3y ago | avo possible unsafe reflection / partial DoS vulnerability | |||
| CVE-2023-34103 | unknown | — | — | 3y ago | avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields |