KnownVuln lacks information

I noticed that some apps are marked with the Known Vuln flag when there are known vulnerabilities, which is great.
Still, I often ended up searching for those vulnerabilities without success. It would be nice to have some links with information about those vulnerabilities (e.g. bug reports…) provided alongside the flag on a per-app basis.

This would help me to weigh the risk of installing an affected app, as well as getting active (e.g. by contributing patches to the project).


The explanation

Known Vulnerability
This Anti-Feature is applied to apps with a known security vulnerability, found by one of the scanners in fdroidserver.

is not very helpful. Why would F-Droid distribute apps having a known vulnerability? How severe is the vulnerability? How concerned should users be? Where can more info’ be found?

Of the currently 6 apps with this, 4 have “web” links going to 404 errors, maybe the “archived” issue.

Oh, the lack of info’ issue is another old, known issue

Of those 6, 4 are Archived, one is some other bug elsewhere, and one has never been rebuilt.

So basically we have none in the repo…

/PS: elsewhere: Should old pdf readers/readers using old libraries be tagged with KnownVuln antifeature? (#2672) · Issues · F-Droid / Data · GitLab