Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/matrix-synapse@1.31.0
Typepypi
Namespace
Namematrix-synapse
Version1.31.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.152.1
Latest_non_vulnerable_version1.152.1
Affected_by_vulnerabilities
0
url VCID-1xwm-33sy-3qfv
vulnerability_id VCID-1xwm-33sy-3qfv
summary Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45076
reference_id
reference_type
scores
0
value 0.00091
scoring_system epss
scoring_elements 0.25759
published_at 2026-06-11T12:55:00Z
1
value 0.00091
scoring_system epss
scoring_elements 0.25959
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45076
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-194.yaml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-194.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45076
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45076
4
reference_url https://github.com/advisories/GHSA-6qf2-7x63-mm6v
reference_id GHSA-6qf2-7x63-mm6v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qf2-7x63-mm6v
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v
reference_id GHSA-6qf2-7x63-mm6v
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T14:51:22Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v
fixed_packages
0
url pkg:pypi/matrix-synapse@1.152.1
purl pkg:pypi/matrix-synapse@1.152.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.152.1
aliases CVE-2026-45076, CVE-2026-45076,, GHSA-6qf2-7x63-mm6v, PYSEC-2026-194
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xwm-33sy-3qfv
1
url VCID-27ht-47d2-77f6
vulnerability_id VCID-27ht-47d2-77f6
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31152
reference_id
reference_type
scores
0
value 0.00731
scoring_system epss
scoring_elements 0.73228
published_at 2026-06-12T12:55:00Z
1
value 0.00731
scoring_system epss
scoring_elements 0.73151
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31152
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/d4b1c0d800eaa83c4d56a9cf17881ad362b9194b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/d4b1c0d800eaa83c4d56a9cf17881ad362b9194b
3
reference_url https://github.com/matrix-org/synapse/commit/e16ea87d0f8c4c30cad36f85488eb1f647e640b0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/e16ea87d0f8c4c30cad36f85488eb1f647e640b0
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-262.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-262.yaml
5
reference_url https://github.com/matrix-org/synapse/pull/13087
reference_id 13087
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/pull/13087
6
reference_url https://github.com/matrix-org/synapse/pull/13088
reference_id 13088
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/pull/13088
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31152
reference_id CVE-2022-31152
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31152
8
reference_url https://github.com/advisories/GHSA-jhjh-776m-4765
reference_id GHSA-jhjh-776m-4765
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jhjh-776m-4765
9
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
reference_id GHSA-jhjh-776m-4765
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
10
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.62.0
reference_id v1.62.0
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/releases/tag/v1.62.0
fixed_packages
0
url pkg:pypi/matrix-synapse@1.62.0rc1
purl pkg:pypi/matrix-synapse@1.62.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-bkk8-srvr-pqfj
9
vulnerability VCID-c1vt-9j6a-b7cr
10
vulnerability VCID-hqwh-2un3-bqd8
11
vulnerability VCID-n8mv-4upg-hfa3
12
vulnerability VCID-p9ck-pwqp-qyc7
13
vulnerability VCID-rcdd-qkxt-nuez
14
vulnerability VCID-s1jf-x5ug-jqcq
15
vulnerability VCID-y6j7-eetd-pkfh
16
vulnerability VCID-yync-gs3f-nyax
17
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.62.0rc1
1
url pkg:pypi/matrix-synapse@1.62.0
purl pkg:pypi/matrix-synapse@1.62.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-8n5g-1zby-77gj
6
vulnerability VCID-9uhc-e3bj-nqg7
7
vulnerability VCID-bkk8-srvr-pqfj
8
vulnerability VCID-c1vt-9j6a-b7cr
9
vulnerability VCID-hqwh-2un3-bqd8
10
vulnerability VCID-n8mv-4upg-hfa3
11
vulnerability VCID-nhzy-spbw-hucj
12
vulnerability VCID-p9ck-pwqp-qyc7
13
vulnerability VCID-rcdd-qkxt-nuez
14
vulnerability VCID-s1jf-x5ug-jqcq
15
vulnerability VCID-y6j7-eetd-pkfh
16
vulnerability VCID-yync-gs3f-nyax
17
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.62.0
aliases CVE-2022-31152, GHSA-jhjh-776m-4765, PYSEC-2022-262
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27ht-47d2-77f6
2
url VCID-2ctw-4fy5-4ufd
vulnerability_id VCID-2ctw-4fy5-4ufd
summary Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31208
reference_id
reference_type
scores
0
value 0.0419
scoring_system epss
scoring_elements 0.8897
published_at 2026-06-11T12:55:00Z
1
value 0.0419
scoring_system epss
scoring_elements 0.89008
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31208
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-50.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-50.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069763
reference_id 1069763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069763
7
reference_url https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
reference_id 55b0aa847a61774b6a3acdc4b177a20dc019f01a
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31208
reference_id CVE-2024-31208
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-31208
9
reference_url https://github.com/advisories/GHSA-3h7q-rfh9-xm4v
reference_id GHSA-3h7q-rfh9-xm4v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3h7q-rfh9-xm4v
10
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
reference_id GHSA-3h7q-rfh9-xm4v
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/
reference_id R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/
reference_id RR53FNHV446CB37TP45GZ6F6HZLZCK3K
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/
13
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
14
reference_url https://github.com/element-hq/synapse/releases/tag/v1.105.1
reference_id v1.105.1
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/releases/tag/v1.105.1
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/
reference_id VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.105.1
purl pkg:pypi/matrix-synapse@1.105.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-3ngy-dt6j-tuef
2
vulnerability VCID-7v7h-zrjj-pkh3
3
vulnerability VCID-c1vt-9j6a-b7cr
4
vulnerability VCID-hqwh-2un3-bqd8
5
vulnerability VCID-n8mv-4upg-hfa3
6
vulnerability VCID-rcdd-qkxt-nuez
7
vulnerability VCID-s1jf-x5ug-jqcq
8
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.105.1
aliases CVE-2024-31208, GHSA-3h7q-rfh9-xm4v, PYSEC-2024-50
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ctw-4fy5-4ufd
3
url VCID-3ngy-dt6j-tuef
vulnerability_id VCID-3ngy-dt6j-tuef
summary Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30355
reference_id
reference_type
scores
0
value 0.13201
scoring_system epss
scoring_elements 0.94296
published_at 2026-06-11T12:55:00Z
1
value 0.13201
scoring_system epss
scoring_elements 0.94317
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30355
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30355
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30355
3
reference_url https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389
reference_id 2277df2a1eb685f85040ef98fa21d41aa4cdd389
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:47:41Z/
url https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389
4
reference_url https://github.com/advisories/GHSA-v56r-hwv5-mxg6
reference_id GHSA-v56r-hwv5-mxg6
reference_type
scores
url https://github.com/advisories/GHSA-v56r-hwv5-mxg6
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
reference_id GHSA-v56r-hwv5-mxg6
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:47:41Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
6
reference_url https://github.com/element-hq/synapse/releases/tag/v1.127.1
reference_id v1.127.1
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:47:41Z/
url https://github.com/element-hq/synapse/releases/tag/v1.127.1
fixed_packages
0
url pkg:pypi/matrix-synapse@1.127.1
purl pkg:pypi/matrix-synapse@1.127.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-n8mv-4upg-hfa3
2
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.127.1
aliases CVE-2025-30355, GHSA-v56r-hwv5-mxg6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ngy-dt6j-tuef
4
url VCID-5h97-3s9w-c3ab
vulnerability_id VCID-5h97-3s9w-c3ab
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42453
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32515
published_at 2026-06-12T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32334
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42453
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/63d28a88c1d18c64ea7e23b6dd7483e6d5dcf881
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/63d28a88c1d18c64ea7e23b6dd7483e6d5dcf881
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-180.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-180.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42453
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42453
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053283
reference_id 1053283
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053283
9
reference_url https://github.com/matrix-org/synapse/pull/16327
reference_id 16327
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://github.com/matrix-org/synapse/pull/16327
10
reference_url https://security.gentoo.org/glsa/202401-12
reference_id 202401-12
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://security.gentoo.org/glsa/202401-12
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/
reference_id 2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/
reference_id 65QPC55I4D27HIZP7H2NQ34EOXHPP4AO
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/
13
reference_url https://github.com/advisories/GHSA-7565-cq32-vx2x
reference_id GHSA-7565-cq32-vx2x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7565-cq32-vx2x
14
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
reference_id GHSA-7565-cq32-vx2x
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/
reference_id N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/
16
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.93.0
purl pkg:pypi/matrix-synapse@1.93.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-7v7h-zrjj-pkh3
4
vulnerability VCID-c1vt-9j6a-b7cr
5
vulnerability VCID-hqwh-2un3-bqd8
6
vulnerability VCID-n8mv-4upg-hfa3
7
vulnerability VCID-rcdd-qkxt-nuez
8
vulnerability VCID-s1jf-x5ug-jqcq
9
vulnerability VCID-y6j7-eetd-pkfh
10
vulnerability VCID-yync-gs3f-nyax
11
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.93.0
aliases CVE-2023-42453, GHSA-7565-cq32-vx2x, PYSEC-2023-180
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5h97-3s9w-c3ab
5
url VCID-7v7h-zrjj-pkh3
vulnerability_id VCID-7v7h-zrjj-pkh3
summary Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37302
reference_id
reference_type
scores
0
value 0.00568
scoring_system epss
scoring_elements 0.69089
published_at 2026-06-12T12:55:00Z
1
value 0.00568
scoring_system epss
scoring_elements 0.68997
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37302
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-286.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-286.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37302
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37302
4
reference_url https://github.com/advisories/GHSA-4mhg-xv73-xq2x
reference_id GHSA-4mhg-xv73-xq2x
reference_type
scores
url https://github.com/advisories/GHSA-4mhg-xv73-xq2x
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
reference_id GHSA-4mhg-xv73-xq2x
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:55:21Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
fixed_packages
0
url pkg:pypi/matrix-synapse@1.106
purl pkg:pypi/matrix-synapse@1.106
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106
1
url pkg:pypi/matrix-synapse@1.106.0
purl pkg:pypi/matrix-synapse@1.106.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-3ngy-dt6j-tuef
2
vulnerability VCID-hqwh-2un3-bqd8
3
vulnerability VCID-n8mv-4upg-hfa3
4
vulnerability VCID-rcdd-qkxt-nuez
5
vulnerability VCID-s1jf-x5ug-jqcq
6
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106.0
aliases CVE-2024-37302, GHSA-4mhg-xv73-xq2x, PYSEC-2024-286
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v7h-zrjj-pkh3
6
url VCID-86br-xun2-gudx
vulnerability_id VCID-86br-xun2-gudx
summary denial of service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29471
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56902
published_at 2026-06-11T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.57023
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29471
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.33.2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.33.2
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-135.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-135.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29471
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29471
8
reference_url https://security.archlinux.org/ASA-202105-19
reference_id ASA-202105-19
reference_type
scores
url https://security.archlinux.org/ASA-202105-19
9
reference_url https://security.archlinux.org/AVG-1943
reference_id AVG-1943
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1943
10
reference_url https://github.com/advisories/GHSA-x345-32rc-8h85
reference_id GHSA-x345-32rc-8h85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x345-32rc-8h85
fixed_packages
0
url pkg:pypi/matrix-synapse@1.33.2
purl pkg:pypi/matrix-synapse@1.33.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-b2u5-56b4-63ae
9
vulnerability VCID-bkk8-srvr-pqfj
10
vulnerability VCID-c1vt-9j6a-b7cr
11
vulnerability VCID-dux1-nmrm-xqa1
12
vulnerability VCID-g8ff-1859-ekhm
13
vulnerability VCID-hqwh-2un3-bqd8
14
vulnerability VCID-n8mv-4upg-hfa3
15
vulnerability VCID-p9ck-pwqp-qyc7
16
vulnerability VCID-rcdd-qkxt-nuez
17
vulnerability VCID-s1jf-x5ug-jqcq
18
vulnerability VCID-sz98-t7z9-bqea
19
vulnerability VCID-vns7-ssd1-8bhe
20
vulnerability VCID-y6j7-eetd-pkfh
21
vulnerability VCID-yync-gs3f-nyax
22
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.33.2
aliases CVE-2021-29471, GHSA-x345-32rc-8h85, PYSEC-2021-135
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86br-xun2-gudx
7
url VCID-8974-zsm2-ybbv
vulnerability_id VCID-8974-zsm2-ybbv
summary 
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
### Impact
Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.

### Patches
The issue is fixed by https://github.com/matrix-org/synapse/pull/9855.

### Workarounds
There are no known workarounds.

### References
n/a

### For more information
If you have any questions or comments about this advisory, email us at security@matrix.org.
references
0
reference_url https://github.com/matrix-org/synapse/pull/9855
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9855
1
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-7h5v-85w9-pq6c
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-7h5v-85w9-pq6c
2
reference_url https://github.com/advisories/GHSA-7h5v-85w9-pq6c
reference_id GHSA-7h5v-85w9-pq6c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h5v-85w9-pq6c
fixed_packages
0
url pkg:pypi/matrix-synapse@1.33.0
purl pkg:pypi/matrix-synapse@1.33.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-86br-xun2-gudx
7
vulnerability VCID-8n5g-1zby-77gj
8
vulnerability VCID-9uhc-e3bj-nqg7
9
vulnerability VCID-b2u5-56b4-63ae
10
vulnerability VCID-bkk8-srvr-pqfj
11
vulnerability VCID-c1vt-9j6a-b7cr
12
vulnerability VCID-dux1-nmrm-xqa1
13
vulnerability VCID-g8ff-1859-ekhm
14
vulnerability VCID-hqwh-2un3-bqd8
15
vulnerability VCID-n8mv-4upg-hfa3
16
vulnerability VCID-p9ck-pwqp-qyc7
17
vulnerability VCID-rcdd-qkxt-nuez
18
vulnerability VCID-s1jf-x5ug-jqcq
19
vulnerability VCID-sz98-t7z9-bqea
20
vulnerability VCID-vns7-ssd1-8bhe
21
vulnerability VCID-y6j7-eetd-pkfh
22
vulnerability VCID-yync-gs3f-nyax
23
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.33.0
aliases GHSA-7h5v-85w9-pq6c, GMS-2021-169
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8974-zsm2-ybbv
8
url VCID-8n5g-1zby-77gj
vulnerability_id VCID-8n5g-1zby-77gj
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32323
reference_id
reference_type
scores
0
value 0.00142
scoring_system epss
scoring_elements 0.34178
published_at 2026-06-11T12:55:00Z
1
value 0.00142
scoring_system epss
scoring_elements 0.34356
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32323
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-67.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-67.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32323
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32323
5
reference_url https://github.com/matrix-org/synapse/issues/14492
reference_id 14492
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://github.com/matrix-org/synapse/issues/14492
6
reference_url https://github.com/matrix-org/synapse/pull/14642
reference_id 14642
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://github.com/matrix-org/synapse/pull/14642
7
reference_url https://github.com/advisories/GHSA-f3wc-3vxv-xmvr
reference_id GHSA-f3wc-3vxv-xmvr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3wc-3vxv-xmvr
8
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr
reference_id GHSA-f3wc-3vxv-xmvr
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/
reference_id UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.74.0
purl pkg:pypi/matrix-synapse@1.74.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-bkk8-srvr-pqfj
6
vulnerability VCID-c1vt-9j6a-b7cr
7
vulnerability VCID-hqwh-2un3-bqd8
8
vulnerability VCID-husr-u735-97hh
9
vulnerability VCID-n8mv-4upg-hfa3
10
vulnerability VCID-p9ck-pwqp-qyc7
11
vulnerability VCID-rcdd-qkxt-nuez
12
vulnerability VCID-s1jf-x5ug-jqcq
13
vulnerability VCID-y6j7-eetd-pkfh
14
vulnerability VCID-yync-gs3f-nyax
15
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.74.0
aliases CVE-2023-32323, GHSA-f3wc-3vxv-xmvr, PYSEC-2023-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8n5g-1zby-77gj
9
url VCID-9uhc-e3bj-nqg7
vulnerability_id VCID-9uhc-e3bj-nqg7
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39335
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33519
published_at 2026-06-11T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33699
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39335
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-65.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-65.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39335
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39335
5
reference_url https://github.com/matrix-org/synapse/issues/13288
reference_id 13288
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://github.com/matrix-org/synapse/issues/13288
6
reference_url https://github.com/matrix-org/synapse/pull/13823
reference_id 13823
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://github.com/matrix-org/synapse/pull/13823
7
reference_url https://github.com/advisories/GHSA-45cj-f97f-ggwv
reference_id GHSA-45cj-f97f-ggwv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45cj-f97f-ggwv
8
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
reference_id GHSA-45cj-f97f-ggwv
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS/
reference_id T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS/
10
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.69.0
purl pkg:pypi/matrix-synapse@1.69.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-8n5g-1zby-77gj
6
vulnerability VCID-bkk8-srvr-pqfj
7
vulnerability VCID-c1vt-9j6a-b7cr
8
vulnerability VCID-hqwh-2un3-bqd8
9
vulnerability VCID-husr-u735-97hh
10
vulnerability VCID-n8mv-4upg-hfa3
11
vulnerability VCID-p9ck-pwqp-qyc7
12
vulnerability VCID-rcdd-qkxt-nuez
13
vulnerability VCID-s1jf-x5ug-jqcq
14
vulnerability VCID-y6j7-eetd-pkfh
15
vulnerability VCID-yync-gs3f-nyax
16
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.69.0
aliases CVE-2022-39335, GHSA-45cj-f97f-ggwv, PYSEC-2023-65
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uhc-e3bj-nqg7
10
url VCID-b2u5-56b4-63ae
vulnerability_id VCID-b2u5-56b4-63ae
summary directory traversal
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41281
reference_id
reference_type
scores
0
value 0.00545
scoring_system epss
scoring_elements 0.68239
published_at 2026-06-11T12:55:00Z
1
value 0.00545
scoring_system epss
scoring_elements 0.68327
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41281
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/91f2bd090
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/91f2bd090
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.47.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.47.1
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-436.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-436.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000451
reference_id 1000451
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000451
8
reference_url https://security.archlinux.org/AVG-2581
reference_id AVG-2581
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2581
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41281
reference_id CVE-2021-41281
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41281
10
reference_url https://github.com/advisories/GHSA-3hfw-x7gx-437c
reference_id GHSA-3hfw-x7gx-437c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3hfw-x7gx-437c
11
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
reference_id GHSA-3hfw-x7gx-437c
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
fixed_packages
0
url pkg:pypi/matrix-synapse@1.47.1
purl pkg:pypi/matrix-synapse@1.47.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-bkk8-srvr-pqfj
9
vulnerability VCID-c1vt-9j6a-b7cr
10
vulnerability VCID-g8ff-1859-ekhm
11
vulnerability VCID-hqwh-2un3-bqd8
12
vulnerability VCID-n8mv-4upg-hfa3
13
vulnerability VCID-p9ck-pwqp-qyc7
14
vulnerability VCID-rcdd-qkxt-nuez
15
vulnerability VCID-s1jf-x5ug-jqcq
16
vulnerability VCID-sz98-t7z9-bqea
17
vulnerability VCID-y6j7-eetd-pkfh
18
vulnerability VCID-yync-gs3f-nyax
19
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.47.1
aliases CVE-2021-41281, GHSA-3hfw-x7gx-437c, PYSEC-2021-436
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2u5-56b4-63ae
11
url VCID-bkk8-srvr-pqfj
vulnerability_id VCID-bkk8-srvr-pqfj
summary Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32682
reference_id
reference_type
scores
0
value 0.00956
scoring_system epss
scoring_elements 0.76937
published_at 2026-06-12T12:55:00Z
1
value 0.00956
scoring_system epss
scoring_elements 0.76866
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32682
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/issues/12274
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/issues/12274
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-84.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-84.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32682
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32682
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
reference_id 1037207
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
8
reference_url https://github.com/matrix-org/synapse/pull/15624
reference_id 15624
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://github.com/matrix-org/synapse/pull/15624
9
reference_url https://github.com/matrix-org/synapse/pull/15634
reference_id 15634
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://github.com/matrix-org/synapse/pull/15634
10
reference_url https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
reference_id config_documentation.html#password_config
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
11
reference_url https://github.com/advisories/GHSA-26c5-ppr8-f33p
reference_id GHSA-26c5-ppr8-f33p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-26c5-ppr8-f33p
12
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p
reference_id GHSA-26c5-ppr8-f33p
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p
13
reference_url https://matrix-org.github.io/synapse/latest/jwt.html
reference_id jwt.html
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://matrix-org.github.io/synapse/latest/jwt.html
14
reference_url https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account
reference_id user_admin_api.html#create-or-modify-account
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
reference_id X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.85.0
purl pkg:pypi/matrix-synapse@1.85.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-c1vt-9j6a-b7cr
6
vulnerability VCID-hqwh-2un3-bqd8
7
vulnerability VCID-husr-u735-97hh
8
vulnerability VCID-n8mv-4upg-hfa3
9
vulnerability VCID-rcdd-qkxt-nuez
10
vulnerability VCID-s1jf-x5ug-jqcq
11
vulnerability VCID-y6j7-eetd-pkfh
12
vulnerability VCID-yync-gs3f-nyax
13
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.85.0
aliases CVE-2023-32682, GHSA-26c5-ppr8-f33p, PYSEC-2023-84
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bkk8-srvr-pqfj
12
url VCID-c1vt-9j6a-b7cr
vulnerability_id VCID-c1vt-9j6a-b7cr
summary Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37303
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.57331
published_at 2026-06-12T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.57213
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37303
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-287.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-287.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37303
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37303
4
reference_url https://github.com/matrix-org/matrix-spec-proposals/pull/3916
reference_id 3916
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:49:29Z/
url https://github.com/matrix-org/matrix-spec-proposals/pull/3916
5
reference_url https://github.com/advisories/GHSA-gjgr-7834-rhxr
reference_id GHSA-gjgr-7834-rhxr
reference_type
scores
url https://github.com/advisories/GHSA-gjgr-7834-rhxr
6
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
reference_id GHSA-gjgr-7834-rhxr
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:49:29Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
fixed_packages
0
url pkg:pypi/matrix-synapse@1.106
purl pkg:pypi/matrix-synapse@1.106
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106
1
url pkg:pypi/matrix-synapse@1.106.0
purl pkg:pypi/matrix-synapse@1.106.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-3ngy-dt6j-tuef
2
vulnerability VCID-hqwh-2un3-bqd8
3
vulnerability VCID-n8mv-4upg-hfa3
4
vulnerability VCID-rcdd-qkxt-nuez
5
vulnerability VCID-s1jf-x5ug-jqcq
6
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106.0
aliases CVE-2024-37303, GHSA-gjgr-7834-rhxr, PYSEC-2024-287
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1vt-9j6a-b7cr
13
url VCID-dux1-nmrm-xqa1
vulnerability_id VCID-dux1-nmrm-xqa1
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39164
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50996
published_at 2026-06-12T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50863
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39164
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/cb35df940a
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/cb35df940a
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-425.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-425.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39164
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39164
11
reference_url https://security.archlinux.org/AVG-2334
reference_id AVG-2334
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2334
12
reference_url https://github.com/advisories/GHSA-3x4c-pq33-4w3q
reference_id GHSA-3x4c-pq33-4w3q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x4c-pq33-4w3q
fixed_packages
0
url pkg:pypi/matrix-synapse@1.41.1
purl pkg:pypi/matrix-synapse@1.41.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-b2u5-56b4-63ae
9
vulnerability VCID-bkk8-srvr-pqfj
10
vulnerability VCID-c1vt-9j6a-b7cr
11
vulnerability VCID-g8ff-1859-ekhm
12
vulnerability VCID-hqwh-2un3-bqd8
13
vulnerability VCID-n8mv-4upg-hfa3
14
vulnerability VCID-p9ck-pwqp-qyc7
15
vulnerability VCID-rcdd-qkxt-nuez
16
vulnerability VCID-s1jf-x5ug-jqcq
17
vulnerability VCID-sz98-t7z9-bqea
18
vulnerability VCID-y6j7-eetd-pkfh
19
vulnerability VCID-yync-gs3f-nyax
20
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.41.1
aliases CVE-2021-39164, GHSA-3x4c-pq33-4w3q, PYSEC-2021-425
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dux1-nmrm-xqa1
14
url VCID-g8ff-1859-ekhm
vulnerability_id VCID-g8ff-1859-ekhm
summary Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31052
reference_id
reference_type
scores
0
value 0.00376
scoring_system epss
scoring_elements 0.596
published_at 2026-06-11T12:55:00Z
1
value 0.00376
scoring_system epss
scoring_elements 0.59708
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31052
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-224.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-224.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
reference_id 7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31052
reference_id CVE-2022-31052
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31052
9
reference_url https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
reference_id fa1308061802ac7b7d20e954ba7372c5ac292333
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
10
reference_url https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url
reference_id #get_matrixmediav3preview_url
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url
11
reference_url https://github.com/advisories/GHSA-22p3-qrh9-cx32
reference_id GHSA-22p3-qrh9-cx32
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22p3-qrh9-cx32
12
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
reference_id GHSA-22p3-qrh9-cx32
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
reference_id QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.61.1
purl pkg:pypi/matrix-synapse@1.61.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-bkk8-srvr-pqfj
9
vulnerability VCID-c1vt-9j6a-b7cr
10
vulnerability VCID-hqwh-2un3-bqd8
11
vulnerability VCID-n8mv-4upg-hfa3
12
vulnerability VCID-p9ck-pwqp-qyc7
13
vulnerability VCID-rcdd-qkxt-nuez
14
vulnerability VCID-s1jf-x5ug-jqcq
15
vulnerability VCID-y6j7-eetd-pkfh
16
vulnerability VCID-yync-gs3f-nyax
17
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.61.1
aliases CVE-2022-31052, GHSA-22p3-qrh9-cx32, PYSEC-2022-224
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ff-1859-ekhm
15
url VCID-hqwh-2un3-bqd8
vulnerability_id VCID-hqwh-2un3-bqd8
summary Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52815
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.5808
published_at 2026-06-11T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.58194
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52815
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52815
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52815
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
reference_id GHSA-f3r3-h2mq-hx2h
reference_type
scores
url https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
reference_id GHSA-f3r3-h2mq-hx2h
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:05:32Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
fixed_packages
0
url pkg:pypi/matrix-synapse@1.120.1
purl pkg:pypi/matrix-synapse@1.120.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.120.1
aliases CVE-2024-52815, GHSA-f3r3-h2mq-hx2h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqwh-2un3-bqd8
16
url VCID-n8mv-4upg-hfa3
vulnerability_id VCID-n8mv-4upg-hfa3
summary Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45078
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02905
published_at 2026-06-12T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02895
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45078
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/element-hq/synapse/commit/3f58bc50dfba5768ee43ce48c5e74c25ba0b078a
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/commit/3f58bc50dfba5768ee43ce48c5e74c25ba0b078a
3
reference_url https://github.com/element-hq/synapse/issues/19394
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/issues/19394
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-191.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-191.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45078
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45078
6
reference_url https://github.com/advisories/GHSA-8q93-326v-3m7g
reference_id GHSA-8q93-326v-3m7g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8q93-326v-3m7g
7
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g
reference_id GHSA-8q93-326v-3m7g
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:31:35Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g
fixed_packages
0
url pkg:pypi/matrix-synapse@1.152.1
purl pkg:pypi/matrix-synapse@1.152.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.152.1
aliases CVE-2026-45078, CVE-2026-45078,, GHSA-8q93-326v-3m7g, PYSEC-2026-191
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8mv-4upg-hfa3
17
url VCID-p9ck-pwqp-qyc7
vulnerability_id VCID-p9ck-pwqp-qyc7
summary Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32683
reference_id
reference_type
scores
0
value 0.00349
scoring_system epss
scoring_elements 0.5793
published_at 2026-06-12T12:55:00Z
1
value 0.00349
scoring_system epss
scoring_elements 0.57818
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32683
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-85.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-85.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32683
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32683
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
reference_id 1037207
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
7
reference_url https://github.com/matrix-org/synapse/pull/15601
reference_id 15601
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:39Z/
url https://github.com/matrix-org/synapse/pull/15601
8
reference_url https://github.com/advisories/GHSA-98px-6486-j7qc
reference_id GHSA-98px-6486-j7qc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98px-6486-j7qc
9
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc
reference_id GHSA-98px-6486-j7qc
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:39Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc
10
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
reference_id X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.85.0
purl pkg:pypi/matrix-synapse@1.85.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-c1vt-9j6a-b7cr
6
vulnerability VCID-hqwh-2un3-bqd8
7
vulnerability VCID-husr-u735-97hh
8
vulnerability VCID-n8mv-4upg-hfa3
9
vulnerability VCID-rcdd-qkxt-nuez
10
vulnerability VCID-s1jf-x5ug-jqcq
11
vulnerability VCID-y6j7-eetd-pkfh
12
vulnerability VCID-yync-gs3f-nyax
13
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.85.0
aliases CVE-2023-32683, GHSA-98px-6486-j7qc, PYSEC-2023-85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9ck-pwqp-qyc7
18
url VCID-rcdd-qkxt-nuez
vulnerability_id VCID-rcdd-qkxt-nuez
summary Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. This vulnerability is fixed in 1.120.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53863
reference_id
reference_type
scores
0
value 0.00962
scoring_system epss
scoring_elements 0.76926
published_at 2026-06-11T12:55:00Z
1
value 0.00962
scoring_system epss
scoring_elements 0.76998
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53863
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53863
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53863
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/advisories/GHSA-vp6v-whfm-rv3g
reference_id GHSA-vp6v-whfm-rv3g
reference_type
scores
url https://github.com/advisories/GHSA-vp6v-whfm-rv3g
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
reference_id GHSA-vp6v-whfm-rv3g
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:07:32Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
6
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.120.1
purl pkg:pypi/matrix-synapse@1.120.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.120.1
aliases CVE-2024-53863, GHSA-vp6v-whfm-rv3g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcdd-qkxt-nuez
19
url VCID-s1jf-x5ug-jqcq
vulnerability_id VCID-s1jf-x5ug-jqcq
summary Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52805
reference_id
reference_type
scores
0
value 0.01089
scoring_system epss
scoring_elements 0.7834
published_at 2026-06-11T12:55:00Z
1
value 0.01089
scoring_system epss
scoring_elements 0.78408
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52805
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52805
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52805
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
reference_id 4688#issuecomment-1167705518
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
5
reference_url https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
reference_id 4688#issuecomment-2385711609
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
6
reference_url https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
reference_id GHSA-rfq8-j7rh-8hf2
reference_type
scores
url https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
7
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
reference_id GHSA-rfq8-j7rh-8hf2
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
fixed_packages
0
url pkg:pypi/matrix-synapse@1.120.1
purl pkg:pypi/matrix-synapse@1.120.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.120.1
aliases CVE-2024-52805, GHSA-rfq8-j7rh-8hf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1jf-x5ug-jqcq
20
url VCID-sz98-t7z9-bqea
vulnerability_id VCID-sz98-t7z9-bqea
summary Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41952
reference_id
reference_type
scores
0
value 0.00552
scoring_system epss
scoring_elements 0.68476
published_at 2026-06-11T12:55:00Z
1
value 0.00552
scoring_system epss
scoring_elements 0.68564
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41952
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/pull/11784
reference_id 11784
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/pull/11784
3
reference_url https://github.com/matrix-org/synapse/pull/11936
reference_id 11936
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/pull/11936
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41952
reference_id CVE-2022-41952
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41952
5
reference_url https://github.com/advisories/GHSA-4822-jvwx-w47h
reference_id GHSA-4822-jvwx-w47h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4822-jvwx-w47h
6
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
reference_id GHSA-4822-jvwx-w47h
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
7
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.52.0
reference_id v1.52.0
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/releases/tag/v1.52.0
8
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.53.0
reference_id v1.53.0
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/releases/tag/v1.53.0
fixed_packages
0
url pkg:pypi/matrix-synapse@1.53.0
purl pkg:pypi/matrix-synapse@1.53.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-bkk8-srvr-pqfj
9
vulnerability VCID-c1vt-9j6a-b7cr
10
vulnerability VCID-g8ff-1859-ekhm
11
vulnerability VCID-hqwh-2un3-bqd8
12
vulnerability VCID-n8mv-4upg-hfa3
13
vulnerability VCID-p9ck-pwqp-qyc7
14
vulnerability VCID-rcdd-qkxt-nuez
15
vulnerability VCID-s1jf-x5ug-jqcq
16
vulnerability VCID-y6j7-eetd-pkfh
17
vulnerability VCID-yync-gs3f-nyax
18
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.53.0
aliases CVE-2022-41952, GHSA-4822-jvwx-w47h, GMS-2022-624
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz98-t7z9-bqea
21
url VCID-vns7-ssd1-8bhe
vulnerability_id VCID-vns7-ssd1-8bhe
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39163
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.42002
published_at 2026-06-11T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42165
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39163
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/cb35df940a
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/cb35df940a
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-424.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-424.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39163
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39163
11
reference_url https://security.archlinux.org/AVG-2334
reference_id AVG-2334
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2334
12
reference_url https://github.com/advisories/GHSA-jj53-8fmw-f2w2
reference_id GHSA-jj53-8fmw-f2w2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jj53-8fmw-f2w2
fixed_packages
0
url pkg:pypi/matrix-synapse@1.41.1
purl pkg:pypi/matrix-synapse@1.41.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-b2u5-56b4-63ae
9
vulnerability VCID-bkk8-srvr-pqfj
10
vulnerability VCID-c1vt-9j6a-b7cr
11
vulnerability VCID-g8ff-1859-ekhm
12
vulnerability VCID-hqwh-2un3-bqd8
13
vulnerability VCID-n8mv-4upg-hfa3
14
vulnerability VCID-p9ck-pwqp-qyc7
15
vulnerability VCID-rcdd-qkxt-nuez
16
vulnerability VCID-s1jf-x5ug-jqcq
17
vulnerability VCID-sz98-t7z9-bqea
18
vulnerability VCID-y6j7-eetd-pkfh
19
vulnerability VCID-yync-gs3f-nyax
20
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.41.1
aliases CVE-2021-39163, GHSA-jj53-8fmw-f2w2, PYSEC-2021-424
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vns7-ssd1-8bhe
22
url VCID-y6j7-eetd-pkfh
vulnerability_id VCID-y6j7-eetd-pkfh
summary Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61672.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61672.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61672
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14801
published_at 2026-06-12T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14679
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61672
2
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
3
reference_url https://github.com/element-hq/synapse/releases/tag/v1.138.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/releases/tag/v1.138.4
4
reference_url https://github.com/element-hq/synapse/releases/tag/v1.139.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/releases/tag/v1.139.2
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117854
reference_id 1117854
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117854
6
reference_url https://github.com/element-hq/synapse/pull/17097
reference_id 17097
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/pull/17097
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402525
reference_id 2402525
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402525
8
reference_url https://github.com/element-hq/synapse/commit/26aaaf9e48fff80cf67a20c691c75d670034b3c1
reference_id 26aaaf9e48fff80cf67a20c691c75d670034b3c1
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/commit/26aaaf9e48fff80cf67a20c691c75d670034b3c1
9
reference_url https://github.com/element-hq/synapse/commit/7069636c2d6d1ef2022287addf3ed8b919ef2740
reference_id 7069636c2d6d1ef2022287addf3ed8b919ef2740
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/commit/7069636c2d6d1ef2022287addf3ed8b919ef2740
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61672
reference_id CVE-2025-61672
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61672
11
reference_url https://github.com/advisories/GHSA-fh66-fcv5-jjfr
reference_id GHSA-fh66-fcv5-jjfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh66-fcv5-jjfr
12
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr
reference_id GHSA-fh66-fcv5-jjfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr
13
reference_url https://github.com/element-hq/synapse/releases/tag/v1.138.3
reference_id v1.138.3
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/releases/tag/v1.138.3
14
reference_url https://github.com/element-hq/synapse/releases/tag/v1.139.1
reference_id v1.139.1
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/releases/tag/v1.139.1
fixed_packages
0
url pkg:pypi/matrix-synapse@1.138.3
purl pkg:pypi/matrix-synapse@1.138.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-n8mv-4upg-hfa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.138.3
1
url pkg:pypi/matrix-synapse@1.139.1
purl pkg:pypi/matrix-synapse@1.139.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-n8mv-4upg-hfa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.139.1
aliases CVE-2025-61672, GHSA-fh66-fcv5-jjfr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y6j7-eetd-pkfh
23
url VCID-yync-gs3f-nyax
vulnerability_id VCID-yync-gs3f-nyax
summary Multiple vulnerabilites have been found in Synapse, the worst of which could result in information leaks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45129.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45129.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45129
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.5038
published_at 2026-06-11T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50513
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45129
2
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
3
reference_url https://github.com/matrix-org/synapse/commit/f84da3c32ec74cf054e2fd6d10618aa4997cffaa
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/f84da3c32ec74cf054e2fd6d10618aa4997cffaa
4
reference_url https://github.com/matrix-org/synapse/pull/16360
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/16360
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-199.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-199.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3
10
reference_url https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45129
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45129
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243128
reference_id 2243128
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243128
13
reference_url https://github.com/advisories/GHSA-5chr-wjw5-3gq4
reference_id GHSA-5chr-wjw5-3gq4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5chr-wjw5-3gq4
fixed_packages
0
url pkg:pypi/matrix-synapse@1.94.0
purl pkg:pypi/matrix-synapse@1.94.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-7v7h-zrjj-pkh3
4
vulnerability VCID-c1vt-9j6a-b7cr
5
vulnerability VCID-hqwh-2un3-bqd8
6
vulnerability VCID-n8mv-4upg-hfa3
7
vulnerability VCID-rcdd-qkxt-nuez
8
vulnerability VCID-s1jf-x5ug-jqcq
9
vulnerability VCID-y6j7-eetd-pkfh
10
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.94.0
aliases CVE-2023-45129, GHSA-5chr-wjw5-3gq4, PYSEC-2023-199
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yync-gs3f-nyax
24
url VCID-z6uu-5bdh-pud4
vulnerability_id VCID-z6uu-5bdh-pud4
summary Multiple vulnerabilites have been found in Synapse, the worst of which could result in information leaks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43796
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.46455
published_at 2026-06-12T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.46309
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43796
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f
3
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-230.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-230.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43796
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43796
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055255
reference_id 1055255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055255
9
reference_url https://github.com/advisories/GHSA-mp92-3jfm-3575
reference_id GHSA-mp92-3jfm-3575
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mp92-3jfm-3575
10
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.95.1
purl pkg:pypi/matrix-synapse@1.95.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-7v7h-zrjj-pkh3
4
vulnerability VCID-c1vt-9j6a-b7cr
5
vulnerability VCID-hqwh-2un3-bqd8
6
vulnerability VCID-n8mv-4upg-hfa3
7
vulnerability VCID-rcdd-qkxt-nuez
8
vulnerability VCID-s1jf-x5ug-jqcq
9
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.95.1
aliases CVE-2023-43796, GHSA-mp92-3jfm-3575, PYSEC-2023-230
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6uu-5bdh-pud4
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.31.0