Security: MobSF/Mobile-Security-Framework-MobSF
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
SSRF port restriction bypass in assetlinks_checkGHSA-95px-34x5-p37h published
Jul 5, 2026 by ajinabrahamLow -
Zip Bomb Denial of Service via Per-File Size Limit Bypass in ZIP/APK ExtractionGHSA-x768-8642-mmq9 published
Jul 5, 2026 by ajinabrahamModerate -
Regression: CSRF checks not enforced after Django migrationGHSA-3p54-567p-2wpr published
Jul 5, 2026 by ajinabrahamModerate -
Arbitrary File Read via Path Traversal in ZIP UploadsGHSA-8j49-mmcx-4mp5 published
Jul 5, 2026 by ajinabrahamModerate -
SQL Injection in SQLite Database Viewer utilsGHSA-hqjr-43r5-9q58 published
Mar 21, 2026 by ajinabrahamModerate -
Stored XSS via Manifest Analysis - Dialer Code Host FieldGHSA-8hf7-h89p-3pqj published
Jan 26, 2026 by ajinabrahamHigh -
Arbitrary File Write (AR-Slip) via Absolute Path in .a ExtractionGHSA-9gh8-9r95-3fc3 published
Aug 31, 2025 by ajinabrahamModerate -
Path Traversal in GET /download/<filename> using absolute filenames in MobSF data directoryGHSA-ccc3-fvfx-mw3v published
Aug 31, 2025 by ajinabrahamLow -
Stored Cross Site Scripting (XSS) via malicious SVG Icon UploadGHSA-mwfg-948f-2cc5 published
May 4, 2025 by ajinabrahamModerate -
Web Server Resource Exhaustion via ZIP of Death AttackGHSA-c5vg-26p8-q8cr published
May 4, 2025 by ajinabrahamModerate