Security: MobSF/Mobile-Security-Framework-MobSF

.github/SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.x
2.0.x
3.0.x
4.0.x

Reporting a Vulnerability

Please report all security issues here or email ajin25(gmail). We believe in coordinated and responsible disclosure.

Past Security Issues

| Vulnerability | Affected Versions |
| --- | --- |
| SSRF in firebase database check | <=3.9.7 |
| SSRF in AppLink check via abusing url redirect | <=3.9.6 |
| SSRF in AppLink check via crafted android:host | <=3.9.5 |
| Arbitrary Local file read in APK icon resource | >=1.0.4, <=3.9.2 |
| Remote Code Execution via arbitrary file overwrite vulnerability in apktool <2.9.2, [CVE-2024-21633] | <=3.9.1 |
| Arbitrary Local file read regression | <3.0.0 |
| Uploading a malicious zip file can overwrite arbitrary files | >=0.9.3.2, <=0.9.4.1 |
| Arbitrary Local file read | <=0.9.2 |