HIGH 7.3 RubyGems
GHSA-5cr9-5jx3-2g39 · CVE-2023-34103 avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Modified: 6/25/2024
package
RubyGems / avo
pkg:rubygems/avo
MEDIUM RubyGems
GHSA-762r-27w2-q22j · CVE-2026-33209 Avo has a XSS vulnerability on `return_to` param
Modified: 3/25/2026
HIGH 8.3 RubyGems
GHSA-86h2-2g4g-29qx · CVE-2023-34102 avo possible unsafe reflection / partial DoS vulnerability
Modified: 6/25/2024
CRITICAL 9.6 RubyGems
GHSA-8fq9-273g-6mrg · CVE-2026-55518 Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
Modified: 6/17/2026
MEDIUM 6.5 RubyGems
GHSA-g8vp-2v5p-9qfh · CVE-2024-22411 Cross-site scripting (XSS) in Action messages on Avo
Modified: 2/16/2024
HIGH 7.3 RubyGems
GHSA-ghjv-mh6x-7q6h · CVE-2024-22191 avo vulnerable to stored cross-site scripting (XSS) in key_value field
Modified: 6/25/2024
HIGH 8.8 RubyGems
GHSA-qc5p-3mg5-9fh8 · CVE-2026-42205 Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources
Modified: 6/8/2026