Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/matrix-synapse@1.5.1
Typepypi
Namespace
Namematrix-synapse
Version1.5.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.106
Latest_non_vulnerable_version1.152.1
Affected_by_vulnerabilities
0
url VCID-1cxk-wn3b-jycq
vulnerability_id VCID-1cxk-wn3b-jycq
summary Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21392
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41975
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21392
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/4ca054a4eaa714d0befb4fc30b19a1131e52c9cc
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/4ca054a4eaa714d0befb4fc30b19a1131e52c9cc
3
reference_url https://github.com/matrix-org/synapse/pull/9240
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9240
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-25.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-25.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21392
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21392
8
reference_url https://pypi.org/project/matrix-synapse
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/matrix-synapse
9
reference_url https://pypi.org/project/matrix-synapse/
reference_id
reference_type
scores
url https://pypi.org/project/matrix-synapse/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.28.0rc1
purl pkg:pypi/matrix-synapse@1.28.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5fgp-pcfw-33gk
5
vulnerability VCID-66cm-6sgb-bqft
6
vulnerability VCID-arh5-tp1n-nubq
7
vulnerability VCID-g7rm-55dm-tybk
8
vulnerability VCID-jg9y-53m4-5bb6
9
vulnerability VCID-k689-rvyd-e3hp
10
vulnerability VCID-mmge-uj6j-k3c2
11
vulnerability VCID-nmup-uep4-b7hw
12
vulnerability VCID-pg5k-2upe-dudk
13
vulnerability VCID-ry9q-34p9-auh6
14
vulnerability VCID-tug1-g6m1-j3f3
15
vulnerability VCID-v54a-sjgy-b7ca
16
vulnerability VCID-z5ga-q6zr-3kb5
17
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.28.0rc1
1
url pkg:pypi/matrix-synapse@1.28.0
purl pkg:pypi/matrix-synapse@1.28.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3stp-shy4-dudr
1
vulnerability VCID-3tbz-jcb2-4fdn
2
vulnerability VCID-43wz-3reu-s3ep
3
vulnerability VCID-5fgp-pcfw-33gk
4
vulnerability VCID-66cm-6sgb-bqft
5
vulnerability VCID-arh5-tp1n-nubq
6
vulnerability VCID-g7rm-55dm-tybk
7
vulnerability VCID-jg9y-53m4-5bb6
8
vulnerability VCID-mmge-uj6j-k3c2
9
vulnerability VCID-nmup-uep4-b7hw
10
vulnerability VCID-pg5k-2upe-dudk
11
vulnerability VCID-ry9q-34p9-auh6
12
vulnerability VCID-tug1-g6m1-j3f3
13
vulnerability VCID-v54a-sjgy-b7ca
14
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.28.0
aliases CVE-2021-21392, GHSA-5wrh-4jwv-5w78, PYSEC-2021-25
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cxk-wn3b-jycq
1
url VCID-3stp-shy4-dudr
vulnerability_id VCID-3stp-shy4-dudr
summary Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31052
reference_id
reference_type
scores
0
value 0.00376
scoring_system epss
scoring_elements 0.59458
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31052
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
3
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-224.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-224.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
9
reference_url https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
reference_id 7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31052
reference_id CVE-2022-31052
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31052
12
reference_url https://github.com/advisories/GHSA-22p3-qrh9-cx32
reference_id GHSA-22p3-qrh9-cx32
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22p3-qrh9-cx32
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
reference_id QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.61.1
purl pkg:pypi/matrix-synapse@1.61.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5fgp-pcfw-33gk
1
vulnerability VCID-66cm-6sgb-bqft
2
vulnerability VCID-9wuf-2wxr-z7a8
3
vulnerability VCID-g7rm-55dm-tybk
4
vulnerability VCID-mmge-uj6j-k3c2
5
vulnerability VCID-nmup-uep4-b7hw
6
vulnerability VCID-pg5k-2upe-dudk
7
vulnerability VCID-ry9q-34p9-auh6
8
vulnerability VCID-tug1-g6m1-j3f3
9
vulnerability VCID-v54a-sjgy-b7ca
10
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.61.1
aliases CVE-2022-31052, GHSA-22p3-qrh9-cx32, PYSEC-2022-224
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3stp-shy4-dudr
2
url VCID-3tbz-jcb2-4fdn
vulnerability_id VCID-3tbz-jcb2-4fdn
summary directory traversal
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41281
reference_id
reference_type
scores
0
value 0.00545
scoring_system epss
scoring_elements 0.68092
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41281
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/91f2bd090
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/91f2bd090
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.47.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.47.1
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-436.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-436.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000451
reference_id 1000451
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000451
9
reference_url https://security.archlinux.org/AVG-2581
reference_id AVG-2581
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2581
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41281
reference_id CVE-2021-41281
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41281
11
reference_url https://github.com/advisories/GHSA-3hfw-x7gx-437c
reference_id GHSA-3hfw-x7gx-437c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3hfw-x7gx-437c
fixed_packages
0
url pkg:pypi/matrix-synapse@1.47.1
purl pkg:pypi/matrix-synapse@1.47.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3stp-shy4-dudr
1
vulnerability VCID-5fgp-pcfw-33gk
2
vulnerability VCID-66cm-6sgb-bqft
3
vulnerability VCID-9wuf-2wxr-z7a8
4
vulnerability VCID-g7rm-55dm-tybk
5
vulnerability VCID-mmge-uj6j-k3c2
6
vulnerability VCID-nmup-uep4-b7hw
7
vulnerability VCID-pg5k-2upe-dudk
8
vulnerability VCID-ry9q-34p9-auh6
9
vulnerability VCID-tug1-g6m1-j3f3
10
vulnerability VCID-v54a-sjgy-b7ca
11
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.47.1
aliases CVE-2021-41281, GHSA-3hfw-x7gx-437c, PYSEC-2021-436
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tbz-jcb2-4fdn
3
url VCID-43wz-3reu-s3ep
vulnerability_id VCID-43wz-3reu-s3ep
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39163
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41926
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39163
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/cb35df940a
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/cb35df940a
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-424.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-424.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
10
reference_url https://security.archlinux.org/AVG-2334
reference_id AVG-2334
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2334
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39163
reference_id CVE-2021-39163
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39163
12
reference_url https://github.com/advisories/GHSA-jj53-8fmw-f2w2
reference_id GHSA-jj53-8fmw-f2w2
reference_type
scores
url https://github.com/advisories/GHSA-jj53-8fmw-f2w2
fixed_packages
0
url pkg:pypi/matrix-synapse@1.41.1
purl pkg:pypi/matrix-synapse@1.41.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3stp-shy4-dudr
1
vulnerability VCID-3tbz-jcb2-4fdn
2
vulnerability VCID-5fgp-pcfw-33gk
3
vulnerability VCID-66cm-6sgb-bqft
4
vulnerability VCID-9wuf-2wxr-z7a8
5
vulnerability VCID-g7rm-55dm-tybk
6
vulnerability VCID-mmge-uj6j-k3c2
7
vulnerability VCID-nmup-uep4-b7hw
8
vulnerability VCID-pg5k-2upe-dudk
9
vulnerability VCID-ry9q-34p9-auh6
10
vulnerability VCID-tug1-g6m1-j3f3
11
vulnerability VCID-v54a-sjgy-b7ca
12
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.41.1
aliases CVE-2021-39163, GHSA-jj53-8fmw-f2w2, PYSEC-2021-424
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43wz-3reu-s3ep
4
url VCID-5b91-nm22-5uh4
vulnerability_id VCID-5b91-nm22-5uh4
summary Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21333
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.59988
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21333
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df
3
reference_url https://github.com/matrix-org/synapse/pull/9200
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9200
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.27.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.27.0
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-134.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-134.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21333
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21333
fixed_packages
0
url pkg:pypi/matrix-synapse@1.27.0
purl pkg:pypi/matrix-synapse@1.27.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5fgp-pcfw-33gk
5
vulnerability VCID-66cm-6sgb-bqft
6
vulnerability VCID-arh5-tp1n-nubq
7
vulnerability VCID-g7rm-55dm-tybk
8
vulnerability VCID-jg9y-53m4-5bb6
9
vulnerability VCID-k689-rvyd-e3hp
10
vulnerability VCID-mmge-uj6j-k3c2
11
vulnerability VCID-nmup-uep4-b7hw
12
vulnerability VCID-pg5k-2upe-dudk
13
vulnerability VCID-ry9q-34p9-auh6
14
vulnerability VCID-tug1-g6m1-j3f3
15
vulnerability VCID-v54a-sjgy-b7ca
16
vulnerability VCID-z5ga-q6zr-3kb5
17
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.27.0
aliases CVE-2021-21333, GHSA-c5f8-35qr-q4fm, PYSEC-2021-134
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5b91-nm22-5uh4
5
url VCID-5fgp-pcfw-33gk
vulnerability_id VCID-5fgp-pcfw-33gk
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45129.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45129.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45129
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50246
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45129
2
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
3
reference_url https://github.com/matrix-org/synapse/commit/f84da3c32ec74cf054e2fd6d10618aa4997cffaa
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/f84da3c32ec74cf054e2fd6d10618aa4997cffaa
4
reference_url https://github.com/matrix-org/synapse/pull/16360
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/16360
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-199.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-199.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3
10
reference_url https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version
11
reference_url https://security.gentoo.org/glsa/202401-12
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202401-12
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243128
reference_id 2243128
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243128
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45129
reference_id CVE-2023-45129
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45129
14
reference_url https://github.com/advisories/GHSA-5chr-wjw5-3gq4
reference_id GHSA-5chr-wjw5-3gq4
reference_type
scores
url https://github.com/advisories/GHSA-5chr-wjw5-3gq4
fixed_packages
0
url pkg:pypi/matrix-synapse@1.94.0
purl pkg:pypi/matrix-synapse@1.94.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g7rm-55dm-tybk
1
vulnerability VCID-nmup-uep4-b7hw
2
vulnerability VCID-ry9q-34p9-auh6
3
vulnerability VCID-tug1-g6m1-j3f3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.94.0
aliases CVE-2023-45129, GHSA-5chr-wjw5-3gq4, PYSEC-2023-199
risk_score 2.2
exploitability 0.5
weighted_severity 4.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5fgp-pcfw-33gk
6
url VCID-66cm-6sgb-bqft
vulnerability_id VCID-66cm-6sgb-bqft
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39335
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35159
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39335
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/issues/13288
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://github.com/matrix-org/synapse/issues/13288
3
reference_url https://github.com/matrix-org/synapse/pull/13823
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://github.com/matrix-org/synapse/pull/13823
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-65.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-65.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39335
reference_id CVE-2022-39335
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39335
8
reference_url https://github.com/advisories/GHSA-45cj-f97f-ggwv
reference_id GHSA-45cj-f97f-ggwv
reference_type
scores
url https://github.com/advisories/GHSA-45cj-f97f-ggwv
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS/
reference_id T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS/
10
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.69.0
purl pkg:pypi/matrix-synapse@1.69.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5fgp-pcfw-33gk
1
vulnerability VCID-9wuf-2wxr-z7a8
2
vulnerability VCID-g7rm-55dm-tybk
3
vulnerability VCID-nmup-uep4-b7hw
4
vulnerability VCID-pg5k-2upe-dudk
5
vulnerability VCID-ry9q-34p9-auh6
6
vulnerability VCID-tug1-g6m1-j3f3
7
vulnerability VCID-v54a-sjgy-b7ca
8
vulnerability VCID-x5jc-ezaq-xudd
9
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.69.0
aliases CVE-2022-39335, GHSA-45cj-f97f-ggwv, PYSEC-2023-65
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66cm-6sgb-bqft
7
url VCID-arh5-tp1n-nubq
vulnerability_id VCID-arh5-tp1n-nubq
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39164
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50746
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39164
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/cb35df940a
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/cb35df940a
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-425.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-425.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
10
reference_url https://security.archlinux.org/AVG-2334
reference_id AVG-2334
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2334
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39164
reference_id CVE-2021-39164
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39164
12
reference_url https://github.com/advisories/GHSA-3x4c-pq33-4w3q
reference_id GHSA-3x4c-pq33-4w3q
reference_type
scores
url https://github.com/advisories/GHSA-3x4c-pq33-4w3q
fixed_packages
0
url pkg:pypi/matrix-synapse@1.41.1
purl pkg:pypi/matrix-synapse@1.41.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3stp-shy4-dudr
1
vulnerability VCID-3tbz-jcb2-4fdn
2
vulnerability VCID-5fgp-pcfw-33gk
3
vulnerability VCID-66cm-6sgb-bqft
4
vulnerability VCID-9wuf-2wxr-z7a8
5
vulnerability VCID-g7rm-55dm-tybk
6
vulnerability VCID-mmge-uj6j-k3c2
7
vulnerability VCID-nmup-uep4-b7hw
8
vulnerability VCID-pg5k-2upe-dudk
9
vulnerability VCID-ry9q-34p9-auh6
10
vulnerability VCID-tug1-g6m1-j3f3
11
vulnerability VCID-v54a-sjgy-b7ca
12
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.41.1
aliases CVE-2021-39164, GHSA-3x4c-pq33-4w3q, PYSEC-2021-425
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arh5-tp1n-nubq
8
url VCID-cff6-n5gz-jfhe
vulnerability_id VCID-cff6-n5gz-jfhe
summary denial of service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26257
reference_id
reference_type
scores
0
value 0.0045
scoring_system epss
scoring_elements 0.63934
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26257
1
reference_url https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09
2
reference_url https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b
3
reference_url https://github.com/matrix-org/synapse/pull/8776
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/8776
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-236.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-236.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26257
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26257
11
reference_url https://security.archlinux.org/AVG-1341
reference_id AVG-1341
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1341
fixed_packages
0
url pkg:pypi/matrix-synapse@1.23.1
purl pkg:pypi/matrix-synapse@1.23.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5b91-nm22-5uh4
5
vulnerability VCID-5fgp-pcfw-33gk
6
vulnerability VCID-66cm-6sgb-bqft
7
vulnerability VCID-arh5-tp1n-nubq
8
vulnerability VCID-fmqv-a8qr-gqfz
9
vulnerability VCID-g7rm-55dm-tybk
10
vulnerability VCID-jg9y-53m4-5bb6
11
vulnerability VCID-k689-rvyd-e3hp
12
vulnerability VCID-mmge-uj6j-k3c2
13
vulnerability VCID-nmup-uep4-b7hw
14
vulnerability VCID-pg5k-2upe-dudk
15
vulnerability VCID-ry9q-34p9-auh6
16
vulnerability VCID-sqmn-ffjr-s7bc
17
vulnerability VCID-tug1-g6m1-j3f3
18
vulnerability VCID-v54a-sjgy-b7ca
19
vulnerability VCID-vb2z-kkev-aues
20
vulnerability VCID-z5ga-q6zr-3kb5
21
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.23.1
aliases CVE-2020-26257, GHSA-hxmp-pqch-c8mm, PYSEC-2020-236
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cff6-n5gz-jfhe
9
url VCID-fmqv-a8qr-gqfz
vulnerability_id VCID-fmqv-a8qr-gqfz
summary Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21332
reference_id
reference_type
scores
0
value 0.00505
scoring_system epss
scoring_elements 0.66505
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21332
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df
3
reference_url https://github.com/matrix-org/synapse/pull/9200
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9200
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.27.0
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.27.0
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-133.yaml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-133.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21332
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21332
fixed_packages
0
url pkg:pypi/matrix-synapse@1.27.0
purl pkg:pypi/matrix-synapse@1.27.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5fgp-pcfw-33gk
5
vulnerability VCID-66cm-6sgb-bqft
6
vulnerability VCID-arh5-tp1n-nubq
7
vulnerability VCID-g7rm-55dm-tybk
8
vulnerability VCID-jg9y-53m4-5bb6
9
vulnerability VCID-k689-rvyd-e3hp
10
vulnerability VCID-mmge-uj6j-k3c2
11
vulnerability VCID-nmup-uep4-b7hw
12
vulnerability VCID-pg5k-2upe-dudk
13
vulnerability VCID-ry9q-34p9-auh6
14
vulnerability VCID-tug1-g6m1-j3f3
15
vulnerability VCID-v54a-sjgy-b7ca
16
vulnerability VCID-z5ga-q6zr-3kb5
17
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.27.0
aliases CVE-2021-21332, GHSA-246w-56m2-5899, PYSEC-2021-133
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmqv-a8qr-gqfz
10
url VCID-g7rm-55dm-tybk
vulnerability_id VCID-g7rm-55dm-tybk
summary Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37302
reference_id
reference_type
scores
0
value 0.00568
scoring_system epss
scoring_elements 0.68844
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37302
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:55:21Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37302
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37302
fixed_packages
0
url pkg:pypi/matrix-synapse@1.106
purl pkg:pypi/matrix-synapse@1.106
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106
1
url pkg:pypi/matrix-synapse@1.106.0
purl pkg:pypi/matrix-synapse@1.106.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106.0
aliases CVE-2024-37302, GHSA-4mhg-xv73-xq2x, PYSEC-2024-286
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7rm-55dm-tybk
11
url VCID-jg9y-53m4-5bb6
vulnerability_id VCID-jg9y-53m4-5bb6
summary denial of service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29471
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56765
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29471
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.33.2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.33.2
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-135.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-135.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29471
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29471
8
reference_url https://security.archlinux.org/ASA-202105-19
reference_id ASA-202105-19
reference_type
scores
url https://security.archlinux.org/ASA-202105-19
9
reference_url https://security.archlinux.org/AVG-1943
reference_id AVG-1943
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1943
fixed_packages
0
url pkg:pypi/matrix-synapse@1.33.2
purl pkg:pypi/matrix-synapse@1.33.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3stp-shy4-dudr
1
vulnerability VCID-3tbz-jcb2-4fdn
2
vulnerability VCID-43wz-3reu-s3ep
3
vulnerability VCID-5fgp-pcfw-33gk
4
vulnerability VCID-66cm-6sgb-bqft
5
vulnerability VCID-arh5-tp1n-nubq
6
vulnerability VCID-g7rm-55dm-tybk
7
vulnerability VCID-mmge-uj6j-k3c2
8
vulnerability VCID-nmup-uep4-b7hw
9
vulnerability VCID-pg5k-2upe-dudk
10
vulnerability VCID-ry9q-34p9-auh6
11
vulnerability VCID-tug1-g6m1-j3f3
12
vulnerability VCID-v54a-sjgy-b7ca
13
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.33.2
aliases CVE-2021-29471, GHSA-x345-32rc-8h85, PYSEC-2021-135
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jg9y-53m4-5bb6
12
url VCID-k689-rvyd-e3hp
vulnerability_id VCID-k689-rvyd-e3hp
summary Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21394
reference_id
reference_type
scores
0
value 0.00519
scoring_system epss
scoring_elements 0.67078
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21394
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/pull/9321
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9321
3
reference_url https://github.com/matrix-org/synapse/pull/9393
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9393
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-27.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-27.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21394
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21394
8
reference_url https://pypi.org/project/matrix-synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/matrix-synapse
9
reference_url https://pypi.org/project/matrix-synapse/
reference_id
reference_type
scores
url https://pypi.org/project/matrix-synapse/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.28.0
purl pkg:pypi/matrix-synapse@1.28.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3stp-shy4-dudr
1
vulnerability VCID-3tbz-jcb2-4fdn
2
vulnerability VCID-43wz-3reu-s3ep
3
vulnerability VCID-5fgp-pcfw-33gk
4
vulnerability VCID-66cm-6sgb-bqft
5
vulnerability VCID-arh5-tp1n-nubq
6
vulnerability VCID-g7rm-55dm-tybk
7
vulnerability VCID-jg9y-53m4-5bb6
8
vulnerability VCID-mmge-uj6j-k3c2
9
vulnerability VCID-nmup-uep4-b7hw
10
vulnerability VCID-pg5k-2upe-dudk
11
vulnerability VCID-ry9q-34p9-auh6
12
vulnerability VCID-tug1-g6m1-j3f3
13
vulnerability VCID-v54a-sjgy-b7ca
14
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.28.0
aliases CVE-2021-21394, GHSA-w9fg-xffh-p362, PYSEC-2021-27
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k689-rvyd-e3hp
13
url VCID-mmge-uj6j-k3c2
vulnerability_id VCID-mmge-uj6j-k3c2
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31152
reference_id
reference_type
scores
0
value 0.00731
scoring_system epss
scoring_elements 0.73006
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31152
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/d4b1c0d800eaa83c4d56a9cf17881ad362b9194b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/d4b1c0d800eaa83c4d56a9cf17881ad362b9194b
3
reference_url https://github.com/matrix-org/synapse/commit/e16ea87d0f8c4c30cad36f85488eb1f647e640b0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/e16ea87d0f8c4c30cad36f85488eb1f647e640b0
4
reference_url https://github.com/matrix-org/synapse/pull/13087
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/pull/13087
5
reference_url https://github.com/matrix-org/synapse/pull/13088
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/pull/13088
6
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.62.0
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/releases/tag/v1.62.0
7
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-262.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-262.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31152
reference_id CVE-2022-31152
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31152
10
reference_url https://github.com/advisories/GHSA-jhjh-776m-4765
reference_id GHSA-jhjh-776m-4765
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jhjh-776m-4765
fixed_packages
0
url pkg:pypi/matrix-synapse@1.62.0rc1
purl pkg:pypi/matrix-synapse@1.62.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5fgp-pcfw-33gk
1
vulnerability VCID-66cm-6sgb-bqft
2
vulnerability VCID-9wuf-2wxr-z7a8
3
vulnerability VCID-g7rm-55dm-tybk
4
vulnerability VCID-mmge-uj6j-k3c2
5
vulnerability VCID-nmup-uep4-b7hw
6
vulnerability VCID-pg5k-2upe-dudk
7
vulnerability VCID-ry9q-34p9-auh6
8
vulnerability VCID-tug1-g6m1-j3f3
9
vulnerability VCID-v54a-sjgy-b7ca
10
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.62.0rc1
1
url pkg:pypi/matrix-synapse@1.62.0
purl pkg:pypi/matrix-synapse@1.62.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z78-c7my-5fbp
1
vulnerability VCID-5fgp-pcfw-33gk
2
vulnerability VCID-66cm-6sgb-bqft
3
vulnerability VCID-9wuf-2wxr-z7a8
4
vulnerability VCID-g7rm-55dm-tybk
5
vulnerability VCID-nmup-uep4-b7hw
6
vulnerability VCID-pg5k-2upe-dudk
7
vulnerability VCID-ry9q-34p9-auh6
8
vulnerability VCID-tug1-g6m1-j3f3
9
vulnerability VCID-v54a-sjgy-b7ca
10
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.62.0
aliases CVE-2022-31152, GHSA-jhjh-776m-4765, PYSEC-2022-262
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmge-uj6j-k3c2
14
url VCID-nmup-uep4-b7hw
vulnerability_id VCID-nmup-uep4-b7hw
summary Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37303
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.57075
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37303
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:49:29Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
3
reference_url https://github.com/matrix-org/matrix-spec-proposals/pull/3916
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:49:29Z/
url https://github.com/matrix-org/matrix-spec-proposals/pull/3916
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37303
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37303
fixed_packages
0
url pkg:pypi/matrix-synapse@1.106
purl pkg:pypi/matrix-synapse@1.106
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106
1
url pkg:pypi/matrix-synapse@1.106.0
purl pkg:pypi/matrix-synapse@1.106.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106.0
aliases CVE-2024-37303, GHSA-gjgr-7834-rhxr, PYSEC-2024-287
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmup-uep4-b7hw
15
url VCID-pg5k-2upe-dudk
vulnerability_id VCID-pg5k-2upe-dudk
summary Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32683
reference_id
reference_type
scores
0
value 0.00268
scoring_system epss
scoring_elements 0.50467
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32683
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/pull/15601
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:39Z/
url https://github.com/matrix-org/synapse/pull/15601
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:39Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-85.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-85.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
reference_id 1037207
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32683
reference_id CVE-2023-32683
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32683
9
reference_url https://github.com/advisories/GHSA-98px-6486-j7qc
reference_id GHSA-98px-6486-j7qc
reference_type
scores
url https://github.com/advisories/GHSA-98px-6486-j7qc
10
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
reference_id X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.85.0
purl pkg:pypi/matrix-synapse@1.85.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5fgp-pcfw-33gk
1
vulnerability VCID-9wuf-2wxr-z7a8
2
vulnerability VCID-g7rm-55dm-tybk
3
vulnerability VCID-nmup-uep4-b7hw
4
vulnerability VCID-ry9q-34p9-auh6
5
vulnerability VCID-tug1-g6m1-j3f3
6
vulnerability VCID-x5jc-ezaq-xudd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.85.0
aliases CVE-2023-32683, GHSA-98px-6486-j7qc, PYSEC-2023-85
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pg5k-2upe-dudk
16
url VCID-ry9q-34p9-auh6
vulnerability_id VCID-ry9q-34p9-auh6
summary Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31208
reference_id
reference_type
scores
0
value 0.03089
scoring_system epss
scoring_elements 0.87015
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31208
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
3
reference_url https://github.com/element-hq/synapse/releases/tag/v1.105.1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/releases/tag/v1.105.1
4
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-50.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-50.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069763
reference_id 1069763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069763
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31208
reference_id CVE-2024-31208
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-31208
11
reference_url https://github.com/advisories/GHSA-3h7q-rfh9-xm4v
reference_id GHSA-3h7q-rfh9-xm4v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3h7q-rfh9-xm4v
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/
reference_id R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/
reference_id RR53FNHV446CB37TP45GZ6F6HZLZCK3K
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/
14
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/
reference_id VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.105.1
purl pkg:pypi/matrix-synapse@1.105.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g7rm-55dm-tybk
1
vulnerability VCID-nmup-uep4-b7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.105.1
aliases CVE-2024-31208, GHSA-3h7q-rfh9-xm4v, PYSEC-2024-50
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ry9q-34p9-auh6
17
url VCID-sh81-25ty-4bgn
vulnerability_id VCID-sh81-25ty-4bgn
summary cross-site scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26891
reference_id
reference_type
scores
0
value 0.00439
scoring_system epss
scoring_elements 0.63447
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26891
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/pull/8444
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/8444
3
reference_url https://github.com/matrix-org/synapse/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.21.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.21.2
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-238.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-238.yaml
7
reference_url https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory
8
reference_url https://security.archlinux.org/ASA-202011-4
reference_id ASA-202011-4
reference_type
scores
url https://security.archlinux.org/ASA-202011-4
9
reference_url https://security.archlinux.org/AVG-1252
reference_id AVG-1252
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1252
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26891
reference_id CVE-2020-26891
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26891
11
reference_url https://github.com/advisories/GHSA-3x8c-fmpc-5rmq
reference_id GHSA-3x8c-fmpc-5rmq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x8c-fmpc-5rmq
fixed_packages
0
url pkg:pypi/matrix-synapse@1.21.0
purl pkg:pypi/matrix-synapse@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5b91-nm22-5uh4
5
vulnerability VCID-5fgp-pcfw-33gk
6
vulnerability VCID-66cm-6sgb-bqft
7
vulnerability VCID-arh5-tp1n-nubq
8
vulnerability VCID-cff6-n5gz-jfhe
9
vulnerability VCID-fmqv-a8qr-gqfz
10
vulnerability VCID-g7rm-55dm-tybk
11
vulnerability VCID-jg9y-53m4-5bb6
12
vulnerability VCID-k689-rvyd-e3hp
13
vulnerability VCID-mmge-uj6j-k3c2
14
vulnerability VCID-nmup-uep4-b7hw
15
vulnerability VCID-pg5k-2upe-dudk
16
vulnerability VCID-ry9q-34p9-auh6
17
vulnerability VCID-sqmn-ffjr-s7bc
18
vulnerability VCID-tug1-g6m1-j3f3
19
vulnerability VCID-v54a-sjgy-b7ca
20
vulnerability VCID-vb2z-kkev-aues
21
vulnerability VCID-z5ga-q6zr-3kb5
22
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.21.0
aliases CVE-2020-26891, GHSA-3x8c-fmpc-5rmq, PYSEC-2020-238
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sh81-25ty-4bgn
18
url VCID-sqmn-ffjr-s7bc
vulnerability_id VCID-sqmn-ffjr-s7bc
summary Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21274
reference_id
reference_type
scores
0
value 0.00446
scoring_system epss
scoring_elements 0.63754
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21274
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6
3
reference_url https://github.com/matrix-org/synapse/pull/8950
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/8950
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.25.0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.25.0
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-132.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-132.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21274
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21274
fixed_packages
0
url pkg:pypi/matrix-synapse@1.25.0
purl pkg:pypi/matrix-synapse@1.25.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5b91-nm22-5uh4
5
vulnerability VCID-5fgp-pcfw-33gk
6
vulnerability VCID-66cm-6sgb-bqft
7
vulnerability VCID-arh5-tp1n-nubq
8
vulnerability VCID-fmqv-a8qr-gqfz
9
vulnerability VCID-g7rm-55dm-tybk
10
vulnerability VCID-jg9y-53m4-5bb6
11
vulnerability VCID-k689-rvyd-e3hp
12
vulnerability VCID-mmge-uj6j-k3c2
13
vulnerability VCID-nmup-uep4-b7hw
14
vulnerability VCID-pg5k-2upe-dudk
15
vulnerability VCID-ry9q-34p9-auh6
16
vulnerability VCID-tug1-g6m1-j3f3
17
vulnerability VCID-v54a-sjgy-b7ca
18
vulnerability VCID-z5ga-q6zr-3kb5
19
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.25.0
aliases CVE-2021-21274, GHSA-2hwx-mjrm-v3g8, PYSEC-2021-132
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqmn-ffjr-s7bc
19
url VCID-tug1-g6m1-j3f3
vulnerability_id VCID-tug1-g6m1-j3f3
summary Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43796
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.50135
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43796
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f
3
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-230.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-230.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY
7
reference_url https://security.gentoo.org/glsa/202401-12
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202401-12
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055255
reference_id 1055255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055255
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43796
reference_id CVE-2023-43796
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43796
10
reference_url https://github.com/advisories/GHSA-mp92-3jfm-3575
reference_id GHSA-mp92-3jfm-3575
reference_type
scores
url https://github.com/advisories/GHSA-mp92-3jfm-3575
11
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.95.1
purl pkg:pypi/matrix-synapse@1.95.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g7rm-55dm-tybk
1
vulnerability VCID-nmup-uep4-b7hw
2
vulnerability VCID-ry9q-34p9-auh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.95.1
aliases CVE-2023-43796, GHSA-mp92-3jfm-3575, PYSEC-2023-230
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tug1-g6m1-j3f3
20
url VCID-v54a-sjgy-b7ca
vulnerability_id VCID-v54a-sjgy-b7ca
summary Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32682
reference_id
reference_type
scores
0
value 0.00975
scoring_system epss
scoring_elements 0.76996
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32682
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/issues/12274
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/issues/12274
3
reference_url https://github.com/matrix-org/synapse/pull/15624
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://github.com/matrix-org/synapse/pull/15624
4
reference_url https://github.com/matrix-org/synapse/pull/15634
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://github.com/matrix-org/synapse/pull/15634
5
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
6
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-84.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-84.yaml
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
9
reference_url https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account
10
reference_url https://matrix-org.github.io/synapse/latest/jwt.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://matrix-org.github.io/synapse/latest/jwt.html
11
reference_url https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
reference_id 1037207
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32682
reference_id CVE-2023-32682
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32682
14
reference_url https://github.com/advisories/GHSA-26c5-ppr8-f33p
reference_id GHSA-26c5-ppr8-f33p
reference_type
scores
url https://github.com/advisories/GHSA-26c5-ppr8-f33p
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
reference_id X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.85.0
purl pkg:pypi/matrix-synapse@1.85.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5fgp-pcfw-33gk
1
vulnerability VCID-9wuf-2wxr-z7a8
2
vulnerability VCID-g7rm-55dm-tybk
3
vulnerability VCID-nmup-uep4-b7hw
4
vulnerability VCID-ry9q-34p9-auh6
5
vulnerability VCID-tug1-g6m1-j3f3
6
vulnerability VCID-x5jc-ezaq-xudd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.85.0
aliases CVE-2023-32682, GHSA-26c5-ppr8-f33p, PYSEC-2023-84
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v54a-sjgy-b7ca
21
url VCID-vb2z-kkev-aues
vulnerability_id VCID-vb2z-kkev-aues
summary Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21273
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55523
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21273
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746
3
reference_url https://github.com/matrix-org/synapse/pull/8821
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/8821
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.25.0
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.25.0
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-131.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-131.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21273
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21273
fixed_packages
0
url pkg:pypi/matrix-synapse@1.25.0
purl pkg:pypi/matrix-synapse@1.25.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5b91-nm22-5uh4
5
vulnerability VCID-5fgp-pcfw-33gk
6
vulnerability VCID-66cm-6sgb-bqft
7
vulnerability VCID-arh5-tp1n-nubq
8
vulnerability VCID-fmqv-a8qr-gqfz
9
vulnerability VCID-g7rm-55dm-tybk
10
vulnerability VCID-jg9y-53m4-5bb6
11
vulnerability VCID-k689-rvyd-e3hp
12
vulnerability VCID-mmge-uj6j-k3c2
13
vulnerability VCID-nmup-uep4-b7hw
14
vulnerability VCID-pg5k-2upe-dudk
15
vulnerability VCID-ry9q-34p9-auh6
16
vulnerability VCID-tug1-g6m1-j3f3
17
vulnerability VCID-v54a-sjgy-b7ca
18
vulnerability VCID-z5ga-q6zr-3kb5
19
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.25.0
aliases CVE-2021-21273, GHSA-v936-j8gp-9q3p, PYSEC-2021-131
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vb2z-kkev-aues
22
url VCID-z5ga-q6zr-3kb5
vulnerability_id VCID-z5ga-q6zr-3kb5
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32323
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33116
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32323
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/issues/14492
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://github.com/matrix-org/synapse/issues/14492
3
reference_url https://github.com/matrix-org/synapse/pull/14642
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://github.com/matrix-org/synapse/pull/14642
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-67.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-67.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32323
reference_id CVE-2023-32323
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32323
8
reference_url https://github.com/advisories/GHSA-f3wc-3vxv-xmvr
reference_id GHSA-f3wc-3vxv-xmvr
reference_type
scores
url https://github.com/advisories/GHSA-f3wc-3vxv-xmvr
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/
reference_id UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.74.0
purl pkg:pypi/matrix-synapse@1.74.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5fgp-pcfw-33gk
1
vulnerability VCID-9wuf-2wxr-z7a8
2
vulnerability VCID-g7rm-55dm-tybk
3
vulnerability VCID-nmup-uep4-b7hw
4
vulnerability VCID-pg5k-2upe-dudk
5
vulnerability VCID-ry9q-34p9-auh6
6
vulnerability VCID-tug1-g6m1-j3f3
7
vulnerability VCID-v54a-sjgy-b7ca
8
vulnerability VCID-x5jc-ezaq-xudd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.74.0
aliases CVE-2023-32323, GHSA-f3wc-3vxv-xmvr, PYSEC-2023-67
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5ga-q6zr-3kb5
23
url VCID-zdxd-83uy-hbad
vulnerability_id VCID-zdxd-83uy-hbad
summary denial of service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26890
reference_id
reference_type
scores
0
value 0.00572
scoring_system epss
scoring_elements 0.69005
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26890
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-237.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-237.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26890
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26890
9
reference_url https://pypi.org/project/matrix-synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/matrix-synapse
10
reference_url https://security.archlinux.org/ASA-202011-23
reference_id ASA-202011-23
reference_type
scores
url https://security.archlinux.org/ASA-202011-23
11
reference_url https://security.archlinux.org/AVG-1296
reference_id AVG-1296
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1296
fixed_packages
0
url pkg:pypi/matrix-synapse@1.20.0
purl pkg:pypi/matrix-synapse@1.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5b91-nm22-5uh4
5
vulnerability VCID-5fgp-pcfw-33gk
6
vulnerability VCID-66cm-6sgb-bqft
7
vulnerability VCID-arh5-tp1n-nubq
8
vulnerability VCID-cff6-n5gz-jfhe
9
vulnerability VCID-fmqv-a8qr-gqfz
10
vulnerability VCID-g7rm-55dm-tybk
11
vulnerability VCID-jg9y-53m4-5bb6
12
vulnerability VCID-k689-rvyd-e3hp
13
vulnerability VCID-mmge-uj6j-k3c2
14
vulnerability VCID-nmup-uep4-b7hw
15
vulnerability VCID-pg5k-2upe-dudk
16
vulnerability VCID-ry9q-34p9-auh6
17
vulnerability VCID-sh81-25ty-4bgn
18
vulnerability VCID-sqmn-ffjr-s7bc
19
vulnerability VCID-tug1-g6m1-j3f3
20
vulnerability VCID-v54a-sjgy-b7ca
21
vulnerability VCID-vb2z-kkev-aues
22
vulnerability VCID-z5ga-q6zr-3kb5
23
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.20.0
aliases CVE-2020-26890, GHSA-4mp3-385r-v63f, PYSEC-2020-237
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zdxd-83uy-hbad
24
url VCID-zvev-sm5c-suh6
vulnerability_id VCID-zvev-sm5c-suh6
summary Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21393
reference_id
reference_type
scores
0
value 0.00548
scoring_system epss
scoring_elements 0.68204
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21393
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/3f58fc848d0002de4605bed91603a1f9f245d128
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/3f58fc848d0002de4605bed91603a1f9f245d128
3
reference_url https://github.com/matrix-org/synapse/commit/d2f0ec12d5c8f113095408888e87e191ac546499
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/d2f0ec12d5c8f113095408888e87e191ac546499
4
reference_url https://github.com/matrix-org/synapse/pull/9321
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9321
5
reference_url https://github.com/matrix-org/synapse/pull/9393
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9393
6
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-26.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-26.yaml
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21393
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21393
10
reference_url https://pypi.org/project/matrix-synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/matrix-synapse
11
reference_url https://pypi.org/project/matrix-synapse/
reference_id
reference_type
scores
url https://pypi.org/project/matrix-synapse/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.28.0
purl pkg:pypi/matrix-synapse@1.28.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3stp-shy4-dudr
1
vulnerability VCID-3tbz-jcb2-4fdn
2
vulnerability VCID-43wz-3reu-s3ep
3
vulnerability VCID-5fgp-pcfw-33gk
4
vulnerability VCID-66cm-6sgb-bqft
5
vulnerability VCID-arh5-tp1n-nubq
6
vulnerability VCID-g7rm-55dm-tybk
7
vulnerability VCID-jg9y-53m4-5bb6
8
vulnerability VCID-mmge-uj6j-k3c2
9
vulnerability VCID-nmup-uep4-b7hw
10
vulnerability VCID-pg5k-2upe-dudk
11
vulnerability VCID-ry9q-34p9-auh6
12
vulnerability VCID-tug1-g6m1-j3f3
13
vulnerability VCID-v54a-sjgy-b7ca
14
vulnerability VCID-z5ga-q6zr-3kb5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.28.0
aliases CVE-2021-21393, GHSA-jrh7-mhhx-6h88, PYSEC-2021-26
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvev-sm5c-suh6
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.5.1