Skip to content

Avo: Direct attachment upload endpoint lacks upload authorization and bypasses field-level upload policy

Moderate severity GitHub Reviewed Published Jun 2, 2026 in avo-hq/avo • Updated Jul 9, 2026

No closed alerts for this advisory

Give feedback on Dependabot alerts