Methodology & transparency
About Appaloosa Scout
An initiative by Appaloosa (OB2J SAS), French publisher of sovereign MDM/EMM solutions.
SecNumCloud / ANSSI compatible, GDPR-native. All data flows handled exclusively in France.
Methodology
Coverage
Only CVEs publicly referenced in NVD (NIST) with a CPE configuration tagged iphone_os, ipados or android are listed.
The absence of CVEs is not a security guarantee — many mobile app vulnerabilities are never published to NVD.
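The coverage filter described above, sketched as an added example (not Appaloosa Scout's own code). It assumes the "tag" is the target_sw field of a CPE 2.3 string and that each record is shaped like the `cve` object returned by the NVD CVE API 2.0; all CPE strings and the `record` helper are constructed for illustration.

```python
MOBILE_TARGETS = {"iphone_os", "ipados", "android"}  # tags named on this page

def split_cpe23(cpe):
    """Split a CPE 2.3 formatted string on unescaped colons into 13 fields."""
    fields, cur, i = [], "", 0
    while i < len(cpe):
        if cpe[i] == "\\" and i + 1 < len(cpe):
            cur += cpe[i:i + 2]          # keep an escaped char (e.g. "\:") in the field
            i += 2
        elif cpe[i] == ":":
            fields.append(cur)
            cur = ""
            i += 1
        else:
            cur += cpe[i]
            i += 1
    fields.append(cur)
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return fields

def mobile_targets(cve):
    """Mobile target_sw values among the vulnerable CPE criteria of one CVE."""
    hits = set()
    for config in cve.get("configurations", []):
        for node in config.get("nodes", []):
            for match in node.get("cpeMatch", []):
                if not match.get("vulnerable"):
                    continue             # platform ("running on") entries
                try:
                    target_sw = split_cpe23(match["criteria"])[10]
                except (KeyError, ValueError):
                    continue             # malformed entry: skip, do not guess
                if target_sw in MOBILE_TARGETS:
                    hits.add(target_sw)
    return hits

def record(*criteria, vulnerable=True):
    """Build a constructed record in the assumed NVD layout (hypothetical helper)."""
    return {"configurations": [{"nodes": [{"cpeMatch": [
        {"vulnerable": vulnerable, "criteria": c} for c in criteria]}]}]}

# Constructed sample records
IOS_APP = record("cpe:2.3:a:example_vendor:example_app:1.2.0:*:*:*:*:iphone_os:*:*")
ESCAPED = record("cpe:2.3:a:example_vendor:chat\\:lite:2.0:*:*:*:*:android:*:*")
# OS entry: the product is iphone_os but target_sw is "*", so it is not selected
OS_ONLY = record("cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*")
DESKTOP = record("cpe:2.3:a:example_vendor:example_app:1.2.0:*:*:*:*:windows:*:*")
```

A plain `split(":")` would shift the fields of the escaped sample by one and read the wrong tag, which is why the splitter honours backslash escapes.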
CPE → bundle ID matching
NVD CPE identifiers are matched to App Store / Play Store bundle IDs through a curated mapping (versioned in git), extended by automatic store-verified inference.
False negatives are possible if an app is not yet mapped: the page stays empty rather than making false associations.
OS-level limits
iOS / iPadOS / Android Framework CVEs (kernel, WebKit, Qualcomm…) are not included. For those, see Apple Security Releases and Android Security Bulletins.
Data licenses
NVD is public domain, CISA KEV is CC0. Source cited on every record. No hidden reprocessing.
Update frequency
Use cases
MDM admin
Quickly check which CVEs concern the managed apps in your fleet.
CISO
Track CISA KEV CVEs affecting the enterprise mobile ecosystem.
Research
Explore the landscape of publicly recognized mobile vulnerabilities.
Appaloosa, the publisher
Appaloosa provides a complete French MDM/EMM platform: public and private app distribution, iOS / Android / macOS / Windows device management, compliance, mass deployments.