Package impact
RubyGems / avo
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-42205 | high | 8.8 | 8.8 | 1mo ago | Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources | |
| CVE-2026-33209 | unknown | — | — | 2mo ago | Avo has a XSS vulnerability on `return_to` param | |
| CVE-2024-22411 | unknown | — | — | 2y ago | Cross-site scripting (XSS) in Action messages on Avo | |
| CVE-2024-22191 | unknown | — | — | 2y ago | avo vulnerable to stored cross-site scripting (XSS) in key_value field | |
| CVE-2023-34102 | unknown | — | — | 3y ago | avo possible unsafe reflection / partial DoS vulnerability | |
| CVE-2023-34103 | unknown | — | — | 3y ago | avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields |