Nixpkgs Security Tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-33209

updated an hour ago by @mweinelt Activity log

Created automatic suggestion 1 day, 11 hours ago
@mweinelt dismissed (not in Nixpkgs) an hour ago

Avo has a XSS vulnerability on `return_to` param

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting (XSS) vulnerability exists in the return_to query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is executed when he clicks a dynamically generated navigation button. This issue has been patched in version 3.30.3.

References

https://github.com/avo-hq/avo/security/advisories/GHSA-762r-27w2-q22j x_refsource_CONFIRM
https://github.com/avo-hq/avo/pull/4330 x_refsource_MISC
https://github.com/avo-hq/avo/commit/4453d39ddc6309f3bc8ada73ef21e1971112de7d x_refsource_MISC
https://github.com/avo-hq/avo/releases/tag/v3.30.3 x_refsource_MISC

Affected products

avo

==< 3.30.3

Matching in nixpkgs

pkgs.havoc

Minimal terminal emulator for Wayland

nixos-unstable 0.7.0
- nixpkgs-unstable 0.7.0
- nixos-unstable-small 0.7.0
nixos-25.11 0.7.0
- nixos-25.11-small 0.7.0
- nixpkgs-25.11-darwin 0.7.0

pkgs.avocode

Bridge between designers and developers

nixos-unstable 4.15.6
- nixpkgs-unstable 4.15.6
- nixos-unstable-small 4.15.6
nixos-25.11 4.15.6
- nixos-25.11-small 4.15.6
- nixpkgs-25.11-darwin 4.15.6

pkgs.flavours

Easy to use base16 scheme manager/builder that integrates with any workflow

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.11 0.7.1
- nixos-25.11-small 0.7.1
- nixpkgs-25.11-darwin 0.7.1

pkgs.avogadro2

Molecule editor and visualizer

nixos-unstable 1.103.0
- nixpkgs-unstable 1.103.0
- nixos-unstable-small 1.103.0
nixos-25.11 1.102.1
- nixos-25.11-small 1.102.1
- nixpkgs-25.11-darwin 1.102.1

pkgs.endeavour

Personal task manager for GNOME

nixos-unstable 43.0
- nixpkgs-unstable 43.0
- nixos-unstable-small 43.0
nixos-25.11 43.0
- nixos-25.11-small 43.0
- nixpkgs-25.11-darwin 43.0

pkgs.pavolctld

Minimal volume control/monitoring daemon for PulseAudio and PipeWire

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2
nixos-25.11 1.0.2
- nixos-25.11-small 1.0.2
- nixpkgs-25.11-darwin 1.0.2

pkgs.avogadrolibs

Molecule editor and visualizer

nixos-unstable 1.103.0
- nixpkgs-unstable 1.103.0
- nixos-unstable-small 1.103.0
nixos-25.11 1.102.1
- nixos-25.11-small 1.102.1
- nixpkgs-25.11-darwin 1.102.1