Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package avo, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2026-42205 — CVSS 8.8 (high): Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was…
CVE-2023-34102 — CVSS 8.3 (high): Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when…
CVE-2023-34103 — CVSS 7.3 (high): Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site…
CVE-2024-22191 — CVSS 7.3 (high): Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the…
CVE-2024-22411 — CVSS 6.5 (medium): Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to `error` or…
CVE-2026-33209 — CVSS 6.1 (medium): Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting (XSS)…