VulnerableCode Package Details - pkg:npm/whatsapp-api-js@4.0.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/whatsapp-api-js@4.0.3

Essentials
History (3)

purl	pkg:npm/whatsapp-api-js@4.0.3

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-br5c-99tr-6bbx	whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.	CVE-2024-45607 GHSA-mwhf-vhr5-7j23

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:39:22.320230+00:00	GitLab Importer	Fixing	VCID-br5c-99tr-6bbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/whatsapp-api-js/CVE-2024-45607.yml	38.6.0
2026-06-12T07:41:01.083071+00:00	GithubOSV Importer	Fixing	VCID-br5c-99tr-6bbx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-mwhf-vhr5-7j23/GHSA-mwhf-vhr5-7j23.json	38.6.0
2026-06-11T20:35:58.353928+00:00	GHSA Importer	Fixing	VCID-br5c-99tr-6bbx	https://github.com/advisories/GHSA-mwhf-vhr5-7j23	38.6.0