HIGH 8.1 CVE-2026-24490 MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field
from 0, < 4.4.5
from 0, < 4.3.1
HIGH 8.0 CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
from 0, < 4.0.7
HIGH 7.5 MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
from 0, < f22c584aa7d43527970c9da61eb678953cfc0a8e | from 0, < 3.9.7
HIGH 7.5 MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
from 0, < 3.9.7
HIGH 7.5 Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions
from 0, < 3.9.7
HIGH 7.5 Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions
from 0, < 3.9.7
HIGH 7.5 MobSF allows attackers to read arbitrary files via a crafted HTTP request
from 0, < 0.9.3
HIGH 7.3 SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
from 0, < 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 | from 0, < 3.9.7
MEDIUM 6.8 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
from 0, <= 4.3.2
MEDIUM 6.5 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
from 0, < 4.4.1
MEDIUM 6.5 MobSF Local Privilege Escalation
from 0, < 4.3.1
MEDIUM 6.5 MobSF Partial Denial of Service (DoS)
from 0, < 4.3.1
MEDIUM 6.3 Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
from 0, < 3.9.8
MEDIUM 6.1 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
from 0, < 4.2.9
MEDIUM 5.3 MobSF has SQL Injection in its SQLite Database Viewer Utils
from 0, < 4.4.6
MEDIUM 5.2 MobSF vulnerable to Open Redirect in Login Redirect
from 0, < 4.0.5
MEDIUM 4.4 Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding
from 0, < 4b8bab5a9858c69fe13be4631b82d82186e0d3bd | from 0, < 4.3.2
MEDIUM 4.4 Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding
from 0, < 4.3.2
— MobSF Path Traversal in GET /download/<filename> using absolute filenames
from 0, < 4.4.1
— Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
from 0, < 4.3.3