| Version | Supported |
|---|---|
| 1.0.x | ❌ |
| 2.0.x | ❌ |
| 3.0.x | ✅ |
| 4.0.x | ✅ |
Please report all security issues here or email ajin25(gmail). We believe in coordinated and responsible disclosure.
| Vulnerability | Affected Versions |
|---|---|
| SSRF in firebase database check | <=3.9.7 |
| SSRF in AppLink check via abusing url redirect | <=3.9.6 |
| SSRF in AppLink check via crafted android:host | <=3.9.5 |
| Arbitrary Local file read in APK icon resource | >=1.0.4, <=3.9.2 |
| Remote Code Execution via arbitrary file overwrite vulnerability in apktool <2.9.2, [CVE-2024-21633] | <=3.9.1 |
| Arbitrary Local file read regression | <3.0.0 |
| Upload a malicious zip file can overwrite arbitary files | >=0.9.3.2, <=0.9.4.1 |
| Arbitrary Local file read | <=0.9.2 |