Avo-hq Avo
6 CVEs affecting Avo-hq Avo. Latest disclosed: 2026-05-08. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42205 | High | 8.8 | 2026-05-08 | Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsC… |
CVE-2023-34102 | High | 8.3 | 2023-06-05 | Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with use… |
CVE-2024-22191 | High | 7.3 | 2024-01-16 | Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3… |
CVE-2023-34103 | High | 7.3 | 2023-06-05 | Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rend… |
CVE-2024-22411 | Medium | 6.5 | 2024-01-16 | Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to `error` or `succeed` in an `Avo::BaseA… |
CVE-2026-33209 | | 2026-03-20 | Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting (XSS) vulnerability exists in the r… |