Twilio Twilio

  1. Vendors
  2. Twilio

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Twilio product.

RSS Feeds for Twilio security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Twilio products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Twilio Sorted by Most Security Vulnerabilities since 2018

Twilio Authy1 vulnerability

Twilio Authy 2 Factor Authentication1 vulnerability

Twilio Authy Authenticator1 vulnerability

Known Exploited Twilio Vulnerabilities

The following Twilio vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Twilio Authy Information Disclosure Vulnerability Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
CVE-2024-39891 Exploit Probability: 17.1% 		July 23, 2024

The vulnerability CVE-2024-39891: Twilio Authy Information Disclosure Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 0 vulnerabilities in Twilio. Twilio did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 1 5.30

It may take a day or so for new Twilio vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Twilio Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-39891 Jul 02, 2024
Authy API: Unauth Endpoint Exposes Phone # Data (Android <25.1.0 / iOS <26.1.0) In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)
Authy
Authy Authenticator
Authy 2 Factor Authentication
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.