To report a security issue, please open a new security advisory. Please fill the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. We will check and respond within 3 working days. If the issue is confirmed as a vulnerability, we will apply required mitigations at the next release.
Security: skylot/jadx
Security
SECURITY.md
-
XAPK archive entries with absolute paths can plant drop-in plugins and achieve code execution on the next jadx runGHSA-gpvc-ccw7-744v published
Jul 10, 2026 by skylotHigh -
HTML Injection in Summary panelGHSA-jwv3-q635-w9m4 published
Jul 10, 2026 by skylotLow -
RCE Via Groovy Code Injection in Gradle ExportGHSA-w6f5-h4x4-rfpj published
Jul 10, 2026 by skylotModerate -
Insufficient input filtering of "package name" allows command execution in the device with shell privilegesGHSA-3pp3-hg2q-9gpm published
Apr 22, 2024 by skylotModerate -
jadx-gui file overrideGHSA-hvp5-5x4f-33fq published
Apr 22, 2024 by skylotLow -
Jadx-gui: Swing HTML DOS attackGHSA-3r7j-8mqh-6qhx published
Oct 20, 2022 by skylotModerate -
Vulnerable library protobuf-java 3.11.4GHSA-fjh6-p566-wr6q published
Jul 20, 2022 by skylotModerate
Learn more about advisories related to skylot/jadx in the GitHub Advisory Database