pkg:PyPI/mobsf

20 total CVEs: HIGH 8, MEDIUM 10

All known vulnerabilities

  • HIGH 8.1 CVE-2026-24490: MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field
    from 0, < 4.4.5
  • HIGH 8.1 CVE-2025-24803: MobSF Stored Cross-Site Scripting (XSS)
    from 0, < 4.3.1
  • HIGH 8.0 CVE-2024-43399: Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
    from 0, < 4.0.7
  • HIGH 7.5 CVE-2024-54000: MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
    from 0, < f22c584aa7d43527970c9da61eb678953cfc0a8e | from 0, < 3.9.7
  • HIGH 7.5 CVE-2024-54000: MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
    from 0, < 3.9.7
  • HIGH 7.5 CVE-2023-42261: Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions.
    from 0, < 3.9.7
  • HIGH 7.5 CVE-2022-41547: MobSF allows attackers to read arbitrary files via a crafted HTTP request
    from 0, < 0.9.3
  • HIGH 7.3 CVE-2024-29190: SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
    from 0, < 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 | from 0, < 3.9.7
  • MEDIUM 6.8 CVE-2025-46730: Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
    from 0, <= 4.3.2
  • MEDIUM 6.5 CVE-2025-58162: MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
    from 0, < 4.4.1
  • MEDIUM 6.5 CVE-2025-24805: MobSF Local Privilege Escalation
    from 0, < 4.3.1
  • MEDIUM 6.5 CVE-2025-24804: MobSF Partial Denial of Service (DoS)
    from 0, < 4.3.1
  • MEDIUM 6.3 CVE-2024-31215: Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
    from 0, < 3.9.8
  • MEDIUM 6.1 CVE-2024-53999: Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
    from 0, < 4.2.9
  • MEDIUM 5.3 CVE-2026-33545: MobSF has SQL Injection in its SQLite Database Viewer Utils
    from 0, < 4.4.6
  • MEDIUM 5.2 CVE-2024-41955: MobSF vulnerable to Open Redirect in Login Redirect
    from 0, < 4.0.5
  • MEDIUM 4.4 CVE-2025-31116: Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding
    from 0, < 4b8bab5a9858c69fe13be4631b82d82186e0d3bd | from 0, < 4.3.2
  • MEDIUM 4.4 CVE-2025-31116: Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding
    from 0, < 4.3.2
  • CVE-2025-58161: MobSF Path Traversal in GET /download/<filename> using absolute filenames
    from 0, < 4.4.1
  • CVE-2025-46335: Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
    from 0, < 4.3.3