Lucene search
K

46 matches found

CVE
CVE
added yesterday7 views

CVE-2026-54684

CVE-2026-54684 — jadx (Dex to Java decompiler) Affected versions: 1.5.2 to 1.5.5. The vulnerability arises when processing a malicious .xapk file: XApkLoader resolves each entry name directly with tmpDir.resolve(fileName) after a CWD-based ZIP security check, allowing an attacker to write archive...

7CVSS6.2AI score
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-42447

CVE-2026-42447 affects jadx (Dex to Java decompiler). The HTML injection occurs in the Summary tab via SummaryNode.java, which unescapes and inserts path components from an APK’s .so file entries into HTML without escaping. A malicious APK with a crafted HTML URL-encoded ZIP entry name can render...

3.6CVSS6.2AI score
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-42049

CVE-2026-42049 affects jadx (Dex to Java decompiler). Before 1.5.6, exporting a decompiled APK as an Android Gradle project could cause the android:versionName from the manifest to be inserted into the generated app/build.gradle Groovy template without proper sanitization, enabling opening or bui...

8.4CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58858

Name of the Vulnerable Software and Affected Versions jadx versions 1.5.2 through 1.5.5 Description A path traversal issue exists where a malicious .xapk file can cause the application to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack directory...

7CVSS6.3AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.8 views

CVE-2022-0219

Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2...

5.5CVSS6.8AI score0.01059EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7005

Malicious code in bioql PyPI...

5.5CVSS5.6AI score0.00312EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0685

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.01059EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:37 a.m.9 views

CVE-2024-32653

jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...

6.1CVSS7.7AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 p.m.21 views

CVE-2022-39259

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...

5.5CVSS6.9AI score0.00312EPSS
Exploits1References1
Veracode
Veracode
added 2024/04/23 6:42 p.m.20 views

Improper Input Validation

jadx is vulnerable to Improper Input Validation. The vulnerability is due to lack of filtering of the package name before concatenation, allowing an attacker to inject arbitrary code into the package name, which could be exploited to execute commands with shell privileges...

6.1CVSS7.7AI score0.00236EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/04/23 6:56 a.m.13 views

Path Traversal

io.github.skylot:jadx-core is vulnerable to Path Traversal. The vulnerability is due to improper handling of escape characters in resource files and insufficient validation in processing zip files. This can lead to the possibility of overwriting other files in the directory when saving the...

7AI score
Exploits0
NVD
NVD
added 2024/04/22 11:15 p.m.14 views

CVE-2024-32653

jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...

6.1CVSS6.7AI score0.00236EPSS
Exploits0References3
CVE
CVE
added 2024/04/22 10:13 p.m.72 views

CVE-2024-32653

CVE-2024-32653 concerns Jadx, a Dex-to-Java decompiler. Before 1.5.0, the package name is not filtered prior to concatenation, enabling an attacker to inject arbitrary code into the package name and execute commands with shell privileges. The affected version is fixed in 1.5.0, which contains a p...

6.1CVSS7.6AI score0.00236EPSS
Exploits0References3
OSV
OSV
added 2024/04/22 10:13 p.m.8 views

CVE-2024-32653 Insufficient input filtering of "package name" allows command execution in the device with shell privileges

jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...

6.1CVSS6.9AI score0.00236EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/04/22 3:56 p.m.23 views

JADX file override vulnerability

Summary when jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word , I reported it anyway Detai...

7.1AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/04/22 3:56 p.m.32 views

GHSA-HVP5-5X4F-33FQ JADX file override vulnerability

Summary when jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word , I reported it anyway Detai...

3.3CVSS7.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.4 views

PT-2024-24747 · Jadx · Jadx

Name of the Vulnerable Software and Affected Versions: jadx versions prior to 1.5.0 Description: The issue concerns a Dex to Java decompiler where the package name is not filtered before concatenation, allowing an attacker to inject arbitrary code into the package name. This can be exploited to...

6.1CVSS8AI score0.00236EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.4 views

PT-2024-40332 · Jadx · Jadx

Name of the Vulnerable Software and Affected Versions: jadx affected versions not specified Description: The issue arises when jadx parses a resource file, specifically with an escape problem related to style files. This can lead to overwriting other files in the directory when saving the...

3.3CVSS7AI score
Exploits0References4
CNNVD
CNNVD
added 2024/04/22 12:0 a.m.6 views

Skylot Jadx 安全漏洞

Skylot Jadx is a Dex to Java decompiler. A security vulnerability exists in Skylot Jadx versions prior to 1.5.0 that stems from insufficient input filtering of the package name, which allows an attacker to execute commands in a device with shell privileges...

6.1CVSS7.2AI score0.00236EPSS
Exploits0References4
NVD
NVD
added 2022/10/21 11:15 p.m.59 views

CVE-2022-39259

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...

5.5CVSS0.00312EPSS
Exploits1References1
Rows per page
Query Builder