Browse all 3 CVE security advisories affecting OneSignal. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OneSignal provides customer engagement tools through push notifications, in-app messaging, and email marketing platforms. Historically, vulnerabilities have included stored cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from improper input validation and insecure deserialization. The platform has faced security incidents, including a 2021 vulnerability (CVE-2021-44228) in its SDK that allowed RCE due to a Log4j flaw. Security characteristics include third-party integrations and API endpoints that require robust access controls. With three CVEs on record, the platform's security posture reflects common risks in web-based communication services, emphasizing the need for regular security assessments and prompt patch management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-28430 | OneSignal repository github action command injection — react-native-onesignalCWE-77 | 7.3 | High | 2023-03-27 |
This page lists every published CVE security advisory associated with OneSignal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.