
whatsapp

46 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-23866
>= 2.25.8.0 and <= 2.26.7.10
Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp f
4.3 MEDIUM
CVE-2026-23863
< 2.3000.1032164386.258709
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted d
6.5 MEDIUM
CVE-2025-55179
>= 2.25.8.17 and < 2.25.23.73
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, a
5.4 MEDIUM
CVE-2025-55177
>= 2.22.25.2 and < 2.25.21.73
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for
5.4 MEDIUM
CVE-2025-30401
< 2.2450.6
A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected
6.7 MEDIUM
CVE-2023-38538
< 2.2320.2
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulte
5.0 MEDIUM
CVE-2023-38537
< 2.2338.12
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/v
5.6 MEDIUM
CVE-2022-27492
< 2.22.16.2
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
7.8 HIGH
CVE-2022-36934
< 2.22.16.12
An integer overflow in WhatsApp could result in remote code execution in an established video call.
9.8 CRITICAL
CVE-2020-20096
<= 2.19.222
Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user,
6.5 MEDIUM
CVE-2021-24043
all versions
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2
9.1 CRITICAL
CVE-2021-24042
< 2.21.23
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS pr
9.8 CRITICAL
CVE-2021-24041
< 2.21.22.7
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.
9.8 CRITICAL
CVE-2021-24035
< 2.21.8.13
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v
9.1 CRITICAL
CVE-2021-24027
< 2.21.4.18
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed
7.5 HIGH
CVE-2021-24026
< 2.21.3
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Bu
9.8 CRITICAL
CVE-2020-1910
< 2.21.1.13
A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could hav
7.8 HIGH
CVE-2020-1909
< 2.20.111
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 coul
9.8 CRITICAL
CVE-2020-1908
< 2.20.100
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitte
4.6 MEDIUM
CVE-2020-1907
< 2.20.196.16
A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for
9.8 CRITICAL
CVE-2020-1906
< 2.20.130
A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowe
7.8 HIGH
CVE-2020-1905
< 2.20.185
Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2
3.3 LOW
CVE-2020-1904
< 2.20.61
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed f
5.5 MEDIUM
CVE-2020-1903
< 2.20.61
An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior t
5.5 MEDIUM
CVE-2020-1902
>= 2.20.108 and <= 2.20.140
A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Busine
7.5 HIGH
CVE-2020-1901
< 2.20.91.4
Receiving a large text message containing URLs in WhatsApp for iOS prior to v2.20.91.4 could have caused the application to freeze
5.3 MEDIUM
CVE-2020-1894
< 2.20.35
A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iP
8.8 HIGH
CVE-2020-1891
< 2.20.17
A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v
9.8 CRITICAL
CVE-2020-1890
< 2.20.11
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have cau
7.5 HIGH
CVE-2020-1889
< 0.3.4932
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron
10.0 CRITICAL
CVE-2020-1886
< 2.20.11
A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed
8.8 HIGH
CVE-2019-11928
< 0.3.4932
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on
6.1 MEDIUM
CVE-2019-18426
< 2.20.10
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allo
8.2 HIGH
CVE-2019-11931
< 2.19.274
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue
7.8 HIGH
CVE-2019-11933
< 2.19.291
A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could
9.8 CRITICAL
CVE-2019-11932
< 2.19.244
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as
8.8 HIGH
CVE-2019-11927
< 2.9.143
An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via
7.8 HIGH
CVE-2019-3571
< 0.3.3793
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to use
5.3 MEDIUM
CVE-2018-6350
< 2.18.99
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for
9.8 CRITICAL
CVE-2018-6349
< 2.18.248
When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-ba
9.8 CRITICAL
CVE-2018-6339
>= 2.18.180 and < 2.18.295
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed
9.8 CRITICAL
CVE-2018-20655
< 2.18.90.24
When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based
9.8 CRITICAL
CVE-2019-3568
< 2.19.134
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets
9.8 CRITICAL
CVE-2019-3566
>= 2.19.54 and <= 2.19.103
A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over a WhatsApp
5.9 MEDIUM
CVE-2018-6344
< 2.18.293
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability ca
7.5 HIGH
CVE-2017-8769
< 2.16.323
Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images,
4.6 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin