Vulnerabilities > Onesignal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2023-28430 | Command Injection vulnerability in Onesignal React-Native-Onesignal OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues (types: [closed]) (i.e., when an Issue is closed). | 8.1 |
| 2019-08-30 | CVE-2019-15827 | Cross-site Scripting vulnerability in Onesignal Onesignal-Free-Web-Push-Notifications 1.17.5 The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | 5.4 |