HIGH 8.0 PyPI
GHSA-4hh3-vj32-gr6j · CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
Modified: 8/20/2024
package
PyPI / mobsf
pkg:pypi/mobsf
MEDIUM 6.1 PyPI
GHSA-5jc6-h9w7-jm3p · CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Modified: 6/30/2025
MEDIUM 6.5 PyPI
GHSA-79f6-p65j-3m2m · CVE-2025-24805 MobSF Local Privilege Escalation
Modified: 2/5/2025
HIGH 8.1 PyPI
GHSA-8hf7-h89p-3pqj · CVE-2026-24490 MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field
Modified: 2/3/2026
MEDIUM 5.2 PyPI
GHSA-8m9j-2f32-2vx4 · CVE-2024-41955 MobSF vulnerable to Open Redirect in Login Redirect
Modified: 8/2/2024
MEDIUM 6.5 PyPI
GHSA-9gh8-9r95-3fc3 · CVE-2025-58162 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
Modified: 9/2/2025
MEDIUM 6.8 PyPI
GHSA-c5vg-26p8-q8cr · CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Modified: 5/5/2025
LOW PyPI
GHSA-ccc3-fvfx-mw3v · CVE-2025-58161 MobSF Path Traversal in GET /download/<filename> using absolute filenames
Modified: 9/2/2025
HIGH 8.1 PyPI
GHSA-cxqq-w3x5-7ph3 · CVE-2025-24803 MobSF Stored Cross-Site Scripting (XSS)
Modified: 2/5/2025
HIGH 7.5 PyPI
GHSA-f42p-vc8p-7x54 · CVE-2022-41547 MobSF allows attackers to read arbitrary files via a crafted HTTP request
Modified: 11/8/2023
MEDIUM 4.4 PyPI
GHSA-fcfq-m8p6-gw56 · CVE-2025-31116, PYSEC-2025-48 Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding
Modified: 6/10/2026
MEDIUM 5.3 PyPI
GHSA-hqjr-43r5-9q58 · CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils
Modified: 3/27/2026
MEDIUM 6.5 PyPI
GHSA-jrm8-xgf3-fwqr · CVE-2025-24804 MobSF Partial Denial of Service (DoS)
Modified: 2/26/2025
HIGH 7.5 PyPI
GHSA-m435-9v6r-v5f6 · CVE-2024-54000, PYSEC-2024-256 MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
Modified: 6/27/2025
MEDIUM PyPI
GHSA-mwfg-948f-2cc5 · CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Modified: 5/5/2025
MEDIUM 6.3 PyPI
GHSA-wpff-wm84-x5cx · CVE-2024-31215 Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Modified: 6/30/2025
HIGH 7.5 PyPI
PYSEC-2023-310 · CVE-2023-42261, GHSA-cc8j-6phr-jv9x Modified: 6/10/2026
— PyPI
PYSEC-2024-256 · CVE-2024-54000, GHSA-m435-9v6r-v5f6 Modified: 6/27/2025
HIGH 7.5 PyPI
PYSEC-2024-257 · CVE-2024-29190, GHSA-wfgj-wrgh-h3r3 Modified: 6/10/2026
CRITICAL 9.8 PyPI
PYSEC-2025-48 · CVE-2025-31116, GHSA-fcfq-m8p6-gw56 Modified: 6/10/2026