Known Vulnerabilities for products from Signal
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Signal".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40613 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-39320 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-35369 json | Not Provided | 2026-04-22 | 2026-04-22 | |
| CVE-2026-35038 json | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2026-34083 json | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2026-33951 json | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2026-33950 json | Not Provided | 2026-04-02 | 2026-04-03 | |
| CVE-2026-31514 json | Not Provided | 2026-04-22 | 2026-04-22 | |
| CVE-2026-31474 json | Not Provided | 2026-04-22 | 2026-04-27 | |
| CVE-2026-23462 json | Not Provided | 2026-04-03 | 2026-04-27 | |
| CVE-2023-24069 json | ** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive at... | 3.3 - LOW | 2023-01-23 | 2023-11-07 |
| CVE-2023-24068 json | ** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments... | 7.8 - HIGH | 2023-01-23 | 2023-11-07 |
| CVE-2022-28345 json | The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning... | 7.5 - HIGH | 2022-04-15 | 2022-04-26 |
| CVE-2020-5753 json | Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal... | 5.3 - MEDIUM | 2020-05-20 | 2022-04-07 |
| CVE-2019-19954 json | Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_m... | 7.3 - HIGH | 2019-12-24 | 2020-08-24 |
| CVE-2019-17192 json | ** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videocon... | 9.8 - CRITICAL | 2019-10-05 | 2023-11-07 |
| CVE-2019-17191 json | The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without ca... | 7.5 - HIGH | 2019-10-05 | 2021-07-21 |
| CVE-2019-9970 json | Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Andro... | 6.5 - MEDIUM | 2019-03-24 | 2022-04-07 |
| CVE-2018-16132 json | The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for... | 8.6 - HIGH | 2018-08-29 | 2018-11-08 |
| CVE-2018-14023 json | Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. | 4 - MEDIUM | 2018-08-20 | 2018-10-15 |
Known software with vulnerabilities from Signal
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Signal | Messenger | 0.6 |
| Application | Signal | Private Messenger | - |
| Application | Signal | Signal | 0.1 |
| Application | Signal | Signal-desktop | 0.1.11 |
| Application | Signal | Signal Private Messenger | 0.6 |