| Android | Number Of NVD | 6904 | CRITICAL | 484 | HIGH | 3022 | MEDIUM | 3149 | LOW | 241 |
| URL | https://www.android.com/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | It is an operating system installed on smartphones provided by Google. Since it is open source, many manufacturers use it in their smartphones, tablets, and wearable devices. The support period differs for each development vendor. After Google provides a security patch, it is up to the vendor to provide the patch to the target devices. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://en.wikipedia.org/wiki/Android_version_history | ||
| 2 | https://source.android.com/setup/start/licenses | ||
| 3 | https://source.android.com/security/bulletin/ | ||
| 4 | https://developer.android.com/ | ||
| 5 | https://developer.android.com/about/versions/ | ||
| 6 | https://android-developers.googleblog.com/ |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 11 | Android 14 | 14.1 | Nov. 6, 2024 | Aug. 7, 2024 | 0 | 3 | 1 | 0 | |||
| 12 | Android 13 | 13.4 | Aug. 7, 2023 | Aug. 15, 2022 | 15 | 317 | 812 | 67 | |||
| 13 | Android 12 | 12.4 | Oct. 17, 2022 | Oct. 4, 2020 | 43 | 479 | 1193 | 106 | |||
| 14 | Android 11 | 11 | Sept. 8, 2020 | Sept. 8, 2020 | 58 | 636 | 1364 | 107 | |||
| 15 | Android 10 | 10 | Sept. 3, 2019 | Sept. 3, 2019 | 103 | 680 | 1055 | 110 | |||
| 16 | Android 9 | 9 | Aug. 6, 2018 | Aug. 6, 2018 | 112 | 463 | 331 | 35 | |||
| 17 | Android 8 | 8.1.0 | Dec. 5, 2017 | Aug. 21, 2017 | 144 | 529 | 318 | 25 | |||
| 18 | Android 7 | 7.1.2 | April 4, 2017 | Aug. 22, 2016 | 116 | 627 | 380 | 20 | |||
| 19 | Android 6 | 6.0.1 | Dec. 7, 2015 | Oct. 5, 2015 | 109 | 734 | 397 | 20 | |||
| 20 | Android 5 | 5.1.1 | April 21, 2015 | Nov. 12, 2014 | 67 | 661 | 317 | 16 | |||
| 21 | Android 4 | 4.4.4 | June 19, 2014 | Oct. 18, 2011 | 53 | 577 | 271 | 16 | |||
| 22 | Android 3 | 3.2.6 | Feb. 1, 2012 | Feb. 22, 2011 | 25 | 420 | 174 | 10 | |||
| 23 | Android 2 | 2.2.3 | Nov. 21, 2011 | Oct. 26, 2009 | 25 | 424 | 181 | 12 | |||
| 24 | Android 1 | 1.6 | Sept. 15, 2009 | Sept. 23, 2008 | 150 | 1594 | 2337 | 209 | |||
| 25 | Android 9.0 | 9.0 | 109 | 441 | 323 | 34 | |||||
| 26 | Android 7.2 | 7.2 | 16 | 61 | 79 | 9 | |||||
| 27 | Android 12.1 | 12.1 | 15 | 229 | 224 | 23 | |||||
| 28 | Android 12.0l | 12.0l | 0 | 28 | 68 | 9 | |||||
| 29 | Android 12.0 | 12.0 | 43 | 447 | 1159 | 104 | |||||
| 30 | Android 11.0 | 11.0 | 58 | 636 | 1364 | 107 | |||||
| 31 | Android 10.0 | 10.0 | 103 | 680 | 1055 | 110 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 11 |
8.0 - |
HIGH
Adjacent |
In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalati… |
CWE-190
Integer Overflow or Wraparound |
CVE-2026-0095 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 02:00 2026-06-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 12 |
7.8 - |
HIGH
Local |
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalat… |
CWE-451
User Interface (UI) Misrepresentation of Critical Information |
CVE-2026-0094 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 02:00 2026-06-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 13 |
7.8 - |
HIGH
Local |
In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n… |
CWE-451
User Interface (UI) Misrepresentation of Critical Information |
CVE-2026-0093 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 02:00 2026-06-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 14 |
7.8 - |
HIGH
Local |
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execut… |
CWE-269
Improper Privilege Management |
CVE-2026-0091 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 01:59 2026-06-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 15 |
7.8 - |
HIGH
Local |
In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no a… |
CWE-269
Improper Privilege Management |
CVE-2026-0089 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 01:59 2026-06-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 16 |
7.8 - |
HIGH
Local |
In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with … |
CWE-451
User Interface (UI) Misrepresentation of Critical Information |
CVE-2026-0088 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 01:59 2026-06-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 17 |
7.8 - |
HIGH
Local |
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of p… |
CWE-693
Protection Mechanism Failure |
CVE-2026-0087 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 01:59 2026-06-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 18 |
6.8 - |
MEDIUM
Local |
In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execu… |
CWE-269
Improper Privilege Management |
CVE-2026-0086 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 01:58 2026-06-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 19 |
5.5 - |
MEDIUM
Local |
In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no addition… |
CWE-20
Improper Input Validation |
CVE-2026-0085 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 02:02 2026-06-2 |
Show | GitHub Exploit DB Packet Storm | ||||
| 20 |
6.5 - |
MEDIUM
Network |
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution priv… |
CWE-190
Integer Overflow or Wraparound |
CVE-2026-0080 |
cpe:2.3:o:google:android:16.0:qpr2_beta_3 cpe:2.3:o:google:android:16.0:qpr2_beta_2 cpe:2.3:o:google:android:16.0… |
2026-06-4 01:58 2026-06-2 |
Show | GitHub Exploit DB Packet Storm |