Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: avocode

Found 1 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-33209
created 4 weeks, 2 days ago
Avo has a XSS vulnerability on `return_to` param

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting (XSS) vulnerability exists in the return_to query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is executed when he clicks a dynamically generated navigation button. This issue has been patched in version 3.30.3.

Affected products

avo
  • ==< 3.30.3

Matching in nixpkgs

pkgs.havoc

Minimal terminal emulator for Wayland

pkgs.flavours

Easy to use base16 scheme manager/builder that integrates with any workflow

pkgs.endeavour

Personal task manager for GNOME

  • nixos-unstable 43.0
    • nixpkgs-unstable 43.0
    • nixos-unstable-small 43.0
  • nixos-25.11 43.0
    • nixos-25.11-small 43.0
    • nixpkgs-25.11-darwin 43.0

pkgs.pavolctld

Minimal volume control/monitoring daemon for PulseAudio and PipeWire

pkgs.gnomeExtensions.favorites-menu

Minimalist favorites menu button in top panel.

  • nixos-unstable 2
    • nixpkgs-unstable 2
    • nixos-unstable-small 2
  • nixos-25.11 2
    • nixos-25.11-small 2
    • nixpkgs-25.11-darwin 2

pkgs.gnomeExtensions.fullscreen-avoider

Moves the top panel to the secondary monitor if the primary is in fullscreen

  • nixos-unstable 15
    • nixpkgs-unstable 15
    • nixos-unstable-small 15
  • nixos-25.11 15
    • nixos-25.11-small 15
    • nixpkgs-25.11-darwin 15