pkg:RubyGems/avo

6 total CVEsHIGH4MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • HIGH8.8CVE-2026-42205Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources
    from 0, < 3.31.2
  • HIGH8.3CVE-2023-34102avo possible unsafe reflection / partial DoS vulnerability
    from 0, < 2.33.3
  • HIGH7.3CVE-2024-22191avo vulnerable to stored cross-site scripting (XSS) in key_value field
    >= 3.0.0.beta1, < 3.2.4
  • HIGH7.3CVE-2023-34103avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
    from 0, < 2.33.3
  • MEDIUM6.5CVE-2024-22411Cross-site scripting (XSS) in Action messages on Avo
    >= 3.0.0.beta1, < 3.3.0
  • CVE-2026-33209Avo has a XSS vulnerability on `return_to` param
    from 0, < 3.30.3