twilio CVE Vulnerabilities & Metrics

Focus on twilio vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About twilio Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with twilio. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total twilio CVEs: 2
Earliest CVE date: 10 Sep 2020, 02:15 UTC
Latest CVE date: 02 Jul 2024, 18:15 UTC

Latest CVE reference: CVE-2024-39891

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical twilio CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.95

Max CVSS: 1.9

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS twilio CVEs

These are the five CVEs with the highest CVSS scores for twilio, sorted by severity first and recency.

CVE-2020-24655 twilio Published on 10 Sep 2020, 02:15 UTC (CVSS: 1.9)
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).
CVE-2024-39891 twilio Published on 02 Jul 2024, 18:15 UTC (CVSS: 0)
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts w...

All CVEs for twilio

CVE-2024-39891 twilio vulnerability CVSS: 0 02 Jul 2024, 18:15 UTC

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)

CVE-2020-24655 twilio vulnerability CVSS: 1.9 10 Sep 2020, 02:15 UTC

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).