Messenger

This hub aggregates every CVE we track for Messenger, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Messenger.

• CVE-2025-5469Dylib Hijacking in Yandex Messenger8.8Dec 9, 2025
• CVE-2023-30097A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task ...5.4May 4, 2023
• CVE-2023-30096A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user informat...5.4May 4, 2023
• CVE-2023-30095A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel descr...5.4May 4, 2023
• CVE-2022-41708Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application...4.3Oct 19, 2022
• CVE-2022-41707Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data...6.5Oct 19, 2022
• CVE-2020-20093The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specia...6.5Mar 23, 2022
• CVE-2020-17476Mibew Messenger before 3.2.7 allows XSS via a crafted user name.6.1Aug 10, 2020
• CVE-2014-8688An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file.7.5Mar 14, 2017
• CVE-2014-7216Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut...9.3Sep 11, 2015
• CVE-2013-1085Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitr...9.3Mar 29, 2013
• CVE-2012-0268Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a craf...5.1Jan 19, 2012
• CVE-2011-3179The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted com...5.0Dec 8, 2011
• CVE-2009-4171An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and applica...4.3Dec 2, 2009
• CVE-2002-2361The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.5.8Oct 29, 2007