Skip to main content

Avo

5 CVEs product

Monthly

CVE-2026-42205 Ruby HIGH PATCH GHSA This Week

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class (descendants of Avo::BaseAction) on any resource, even if the action is not registered for that specific resource. This leads to Privilege Escalation and unauthorized data manipulation across the entire application. This issue has been patched in version 3.31.2.

Authentication Bypass Privilege Escalation Avo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-22411 Ruby MEDIUM POC PATCH This Month

Avo is a framework to create admin panels for Ruby on Rails apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-22191 Ruby MEDIUM POC PATCH This Month

Avo is a framework to create admin panels for Ruby on Rails apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-34103 Ruby MEDIUM POC PATCH This Month

Avo is an open source ruby on rails admin panel creation framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-34102 Ruby HIGH POC PATCH This Week

Avo is an open source ruby on rails admin panel creation framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Avo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class (descendants of Avo::BaseAction) on any resource, even if the action is not registered for that specific resource. This leads to Privilege Escalation and unauthorized data manipulation across the entire application. This issue has been patched in version 3.31.2.

Authentication Bypass Privilege Escalation Avo
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Avo is a framework to create admin panels for Ruby on Rails apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Avo is a framework to create admin panels for Ruby on Rails apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Avo is an open source ruby on rails admin panel creation framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Avo is an open source ruby on rails admin panel creation framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Avo
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy