Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/avo@2.46.0
Typegem
Namespace
Nameavo
Version2.46.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.30.3
Latest_non_vulnerable_version3.31.2
Affected_by_vulnerabilities
0
url VCID-frm8-sacg-vyaz
vulnerability_id VCID-frm8-sacg-vyaz
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12 any HTML inside text that is passed to `error` or `succeed` in an `Avo::BaseAction` subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious user could exploit this vulnerability to trigger a cross site scripting attack on an unsuspecting user. This issue has been addressed in the 3.0.0 release of Avo. Users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22411
reference_id
reference_type
scores
0
value 0.0577
scoring_system epss
scoring_elements 0.90614
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22411
1
reference_url https://github.com/avo-hq/avo
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/avo-hq/avo
2
reference_url https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:11:34Z/
url https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347
3
reference_url https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:11:34Z/
url https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258
4
reference_url https://github.com/avo-hq/avo/releases/tag/v2.47.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:11:34Z/
url https://github.com/avo-hq/avo/releases/tag/v2.47.0
5
reference_url https://github.com/avo-hq/avo/releases/tag/v3.3.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:11:34Z/
url https://github.com/avo-hq/avo/releases/tag/v3.3.0
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22411
reference_id CVE-2024-22411
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22411
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/avo/CVE-2024-22411.yml
reference_id CVE-2024-22411.YML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/avo/CVE-2024-22411.yml
8
reference_url https://github.com/advisories/GHSA-g8vp-2v5p-9qfh
reference_id GHSA-g8vp-2v5p-9qfh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g8vp-2v5p-9qfh
9
reference_url https://github.com/avo-hq/avo/security/advisories/GHSA-g8vp-2v5p-9qfh
reference_id GHSA-g8vp-2v5p-9qfh
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:11:34Z/
url https://github.com/avo-hq/avo/security/advisories/GHSA-g8vp-2v5p-9qfh
fixed_packages
0
url pkg:gem/avo@2.47.0
purl pkg:gem/avo@2.47.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ym72-wgcj-1kex
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@2.47.0
1
url pkg:gem/avo@3.0.0.beta1
purl pkg:gem/avo@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-frm8-sacg-vyaz
1
vulnerability VCID-v35w-ygkk-d7ar
2
vulnerability VCID-ym72-wgcj-1kex
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@3.0.0.beta1
2
url pkg:gem/avo@3.0.2
purl pkg:gem/avo@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-frm8-sacg-vyaz
1
vulnerability VCID-v35w-ygkk-d7ar
2
vulnerability VCID-ym72-wgcj-1kex
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@3.0.2
3
url pkg:gem/avo@3.3.0
purl pkg:gem/avo@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-frm8-sacg-vyaz
1
vulnerability VCID-ym72-wgcj-1kex
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@3.3.0
aliases CVE-2024-22411, GHSA-g8vp-2v5p-9qfh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-frm8-sacg-vyaz
1
url VCID-v35w-ygkk-d7ar
vulnerability_id VCID-v35w-ygkk-d7ar
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the key_value is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability could be used to steal sensitive information from victims that could be used to hijack victims' accounts or redirect them to malicious websites. Avo 3.2.4 includes a fix for this issue. Users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22191
reference_id
reference_type
scores
0
value 0.01253
scoring_system epss
scoring_elements 0.79666
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22191
1
reference_url https://github.com/avo-hq/avo
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/avo-hq/avo
2
reference_url https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:56:18Z/
url https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347
3
reference_url https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:56:18Z/
url https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22191
reference_id CVE-2024-22191
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22191
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/avo/CVE-2024-22191.yml
reference_id CVE-2024-22191.YML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/avo/CVE-2024-22191.yml
6
reference_url https://github.com/advisories/GHSA-ghjv-mh6x-7q6h
reference_id GHSA-ghjv-mh6x-7q6h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ghjv-mh6x-7q6h
7
reference_url https://github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h
reference_id GHSA-ghjv-mh6x-7q6h
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:56:18Z/
url https://github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h
fixed_packages
0
url pkg:gem/avo@2.47.0
purl pkg:gem/avo@2.47.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ym72-wgcj-1kex
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@2.47.0
1
url pkg:gem/avo@3.0.0.beta1
purl pkg:gem/avo@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-frm8-sacg-vyaz
1
vulnerability VCID-v35w-ygkk-d7ar
2
vulnerability VCID-ym72-wgcj-1kex
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@3.0.0.beta1
2
url pkg:gem/avo@3.2.4
purl pkg:gem/avo@3.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@3.2.4
aliases CVE-2024-22191, GHSA-ghjv-mh6x-7q6h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v35w-ygkk-d7ar
2
url VCID-ym72-wgcj-1kex
vulnerability_id VCID-ym72-wgcj-1kex
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33209
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02207
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33209
1
reference_url https://github.com/avo-hq/avo
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/avo-hq/avo
2
reference_url https://github.com/avo-hq/avo/commit/4453d39ddc6309f3bc8ada73ef21e1971112de7d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:06:50Z/
url https://github.com/avo-hq/avo/commit/4453d39ddc6309f3bc8ada73ef21e1971112de7d
3
reference_url https://github.com/avo-hq/avo/pull/4330
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:06:50Z/
url https://github.com/avo-hq/avo/pull/4330
4
reference_url https://github.com/avo-hq/avo/releases/tag/v3.30.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:06:50Z/
url https://github.com/avo-hq/avo/releases/tag/v3.30.3
5
reference_url https://github.com/avo-hq/avo/security/advisories/GHSA-762r-27w2-q22j
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:06:50Z/
url https://github.com/avo-hq/avo/security/advisories/GHSA-762r-27w2-q22j
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/avo/CVE-2026-33209.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/avo/CVE-2026-33209.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33209
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33209
fixed_packages
0
url pkg:gem/avo@3.30.3
purl pkg:gem/avo@3.30.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@3.30.3
aliases CVE-2026-33209, GHSA-762r-27w2-q22j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ym72-wgcj-1kex
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/avo@2.46.0