Overview · sparkle-project/Sparkle · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Binary delta apply intermediate-symlink traversal in malicious .delta
GHSA-hg88-v3cw-3qrh published May 19, 2026 by zorgiepoo

Moderate
AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection.
GHSA-g3hp-f6mg-559v published May 19, 2026 by zorgiepoo

Moderate

Learn more about advisories related to sparkle-project/Sparkle in the GitHub Advisory Database