The mobile vulnerabilities we've found — in the apps you've heard of

Every CVE listed here has been discovered and responsibly disclosed by Oversecured. They show our ongoing work to find real security issues and help make mobile apps safer. Every entry is verifiable in the National Vulnerability Database.

186

CVEs disclosed

165

Brands rewarded us

9

Vendor CVE programs

9

Android ecosystems

To embed a website or widget, add it to the properties panel.

186 CVEs.
Every one public in NVD.

Each link below resolves to the National Vulnerability Database. Click any CVE to independently verify the disclosure, severity score, and affected vendor. We don't ask you to trust us — we ask you to check.

For media / press:

These CVEs were discovered by Oversecured's mobile-specific taint analysis engine, running autonomously against production Android applications. Every entry is independently verifiable in the National Vulnerability Database.

CVE-2019-5765

CVE-2020-8913

CVE-2021-0444

CVE-2021-0550

CVE-2021-0600

CVE-2021-0788

CVE-2021-23863

CVE-2021-25356

CVE-2021-25377

CVE-2021-25379

CVE-2021-25388

CVE-2021-25390

CVE-2021-25391

CVE-2021-25392

CVE-2021-25393

CVE-2021-25397

CVE-2021-25400

CVE-2021-25401

CVE-2021-25404

CVE-2021-25410

CVE-2021-25413

CVE-2021-25414

CVE-2021-25426

CVE-2021-25440

CVE-2021-25514

CVE-2022-1130

CVE-2022-20135

CVE-2022-20142

CVE-2022-2479

CVE-2022-28544

CVE-2022-28781

CVE-2022-28783

CVE-2022-28784

CVE-2022-28790

CVE-2022-30727

CVE-2022-30745

CVE-2022-30746

CVE-2022-30747

CVE-2022-30748

CVE-2022-30754

CVE-2022-33689

CVE-2022-33690

CVE-2022-33694

CVE-2022-33705

CVE-2022-33708

CVE-2022-33709

CVE-2022-33710

CVE-2022-33712

CVE-2022-33713

CVE-2022-33715

CVE-2022-33721

CVE-2022-33722

CVE-2022-33725

CVE-2022-33726

CVE-2022-33731

CVE-2022-33732

CVE-2022-33733

CVE-2022-33734

CVE-2022-36829

CVE-2022-36830

CVE-2022-36831

CVE-2022-36832

CVE-2022-36833

CVE-2022-36834

CVE-2022-36835

CVE-2022-36836

CVE-2022-36837

CVE-2022-36838

CVE-2022-36839

CVE-2022-36850

CVE-2022-36852

CVE-2022-36853

CVE-2022-36865

CVE-2022-36866

CVE-2022-36867

CVE-2022-36870

CVE-2022-36871

CVE-2022-36872

CVE-2022-39858

CVE-2022-39859

CVE-2022-39860

CVE-2022-39861

CVE-2022-39863

CVE-2022-39864

CVE-2022-39865

CVE-2022-39866

CVE-2022-39867

CVE-2022-39868

CVE-2022-39869

CVE-2022-39870

CVE-2022-39871

CVE-2022-39879

CVE-2022-39880

CVE-2022-39884

CVE-2022-39887

CVE-2022-39888

CVE-2022-39890

CVE-2022-39894

CVE-2022-39895

CVE-2022-39896

CVE-2022-39898

CVE-2022-39899

CVE-2022-39903

CVE-2022-39904

CVE-2022-39905

CVE-2022-39906

CVE-2022-39913

CVE-2022-39914

CVE-2022-39915

CVE-2023-20963

CVE-2023-21024

CVE-2023-21292

CVE-2023-21383

CVE-2023-21421

CVE-2023-21422

CVE-2023-21424

CVE-2023-21425

CVE-2023-21426

CVE-2023-21427

CVE-2023-21428

CVE-2023-21429

CVE-2023-21431

CVE-2023-21436

CVE-2023-21437

CVE-2023-21445

CVE-2023-21446

CVE-2023-21449

CVE-2023-21452

CVE-2023-21491

CVE-2023-30667

CVE-2023-30700

CVE-2023-30701

CVE-2023-30706

CVE-2023-30709

CVE-2023-30717

CVE-2023-30718

CVE-2023-30719

CVE-2023-30720

CVE-2023-30723

CVE-2023-30727

CVE-2023-30730

CVE-2023-30734

CVE-2023-30737

CVE-2023-31014

CVE-2023-41816

CVE-2023-41817

CVE-2023-41818

CVE-2023-41819

CVE-2023-41820

CVE-2023-41821

CVE-2023-41822

CVE-2023-41823

CVE-2023-41824

CVE-2023-41825

CVE-2023-41826

CVE-2023-41827

CVE-2023-41828

CVE-2023-41829

CVE-2023-41830

CVE-2023-42530

CVE-2023-42534

CVE-2023-42539

CVE-2023-42540

CVE-2023-42556

CVE-2023-42572

CVE-2023-44121

CVE-2023-44122

CVE-2023-44123

CVE-2023-44124

CVE-2023-44125

CVE-2023-44126

CVE-2023-44127

CVE-2023-44128

CVE-2023-44129

CVE-2024-0017

CVE-2024-20807

CVE-2024-20822

CVE-2024-20823

CVE-2024-20824

CVE-2024-20825

CVE-2024-20826

CVE-2024-20850

CVE-2024-3108

CVE-2024-3109

CVE-2024-3479

CVE-2024-3480

Behind our security research

Inspired by the best transparency practices in security research, we share our scope openly, document our process, and welcome feedback

What a CVE means

Each CVE listed was:

  • Discovered by Oversecured's mobile-specific engine

  • Reported to the affected vendor through their disclosure process

  • Accepted, patched, and assigned a CVE ID by the vendor or MITRE

  • Publicly available in the NVD after coordinated disclosure.

What a bug bounty brand means

Each company listed:

  • Operated a bug bounty program that accepted mobile app reports

  • Accepted a vulnerability report submitted by Oversecured

  • Validated the finding as real and actionable

  • Paid a monetary reward for the disclosure

What this page doesn't include

The scope of the research:

  • Private findings disclosed under NDA are not counted here

  • Customer scans performed on behalf of our enterprise customers are not included

  • Duplicate or informational bounty reports are not counted

  • We don't claim CVE discovery for bugs found by other researchers

How we update this page

This is how our team reviews this page:


  • New CVEs added within one week of public NVD availability

  • New bug bounty brands added as vendors permit disclosure

  • The page is versioned in git — historic counts are reproducible

  • Press inquiries: press@oversecured.com

Every one of these bugs was found by an automated scanner, not by a human pentester

If Oversecured found these issues in production apps from some of the world’s biggest brands, it can find similar issues in yours.

Request a scan

2026 © Oversecured

follow us

LinkedIn

Twitter (X)

Privacy Policy

Terms of use

go up ↑