Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/matrix-synapse@1.135.0rc1
Type pypi
Namespace
Name matrix-synapse
Version 1.135.0rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.152.1
Latest_non_vulnerable_version 1.152.1
Affected_by_vulnerabilities
0
url VCID-361n-7ar1-fqgr
vulnerability_id VCID-361n-7ar1-fqgr
summary
Synapse's invalid device keys degrade federation functionality
Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61672.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61672.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61672
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.1464
published_at 2026-06-07T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14676
published_at 2026-06-05T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14682
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61672
2
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
3
reference_url https://github.com/element-hq/synapse/commit/26aaaf9e48fff80cf67a20c691c75d670034b3c1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/commit/26aaaf9e48fff80cf67a20c691c75d670034b3c1
4
reference_url https://github.com/element-hq/synapse/commit/7069636c2d6d1ef2022287addf3ed8b919ef2740
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/commit/7069636c2d6d1ef2022287addf3ed8b919ef2740
5
reference_url https://github.com/element-hq/synapse/pull/17097
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/pull/17097
6
reference_url https://github.com/element-hq/synapse/releases/tag/v1.138.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/releases/tag/v1.138.3
7
reference_url https://github.com/element-hq/synapse/releases/tag/v1.138.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/releases/tag/v1.138.4
8
reference_url https://github.com/element-hq/synapse/releases/tag/v1.139.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/releases/tag/v1.139.1
9
reference_url https://github.com/element-hq/synapse/releases/tag/v1.139.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/releases/tag/v1.139.2
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117854
reference_id 1117854
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117854
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402525
reference_id 2402525
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402525
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61672
reference_id CVE-2025-61672
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61672
13
reference_url https://github.com/advisories/GHSA-fh66-fcv5-jjfr
reference_id GHSA-fh66-fcv5-jjfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh66-fcv5-jjfr
14
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr
reference_id GHSA-fh66-fcv5-jjfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr
fixed_packages
0
url pkg:pypi/matrix-synapse@1.138.3
purl pkg:pypi/matrix-synapse@1.138.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44n9-z1mc-fydq
1
vulnerability VCID-57xv-u1be-mfez
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.138.3
1
url pkg:pypi/matrix-synapse@1.139.1
purl pkg:pypi/matrix-synapse@1.139.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44n9-z1mc-fydq
1
vulnerability VCID-57xv-u1be-mfez
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.139.1
aliases CVE-2025-61672, GHSA-fh66-fcv5-jjfr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-361n-7ar1-fqgr
1
url VCID-44n9-z1mc-fydq
vulnerability_id VCID-44n9-z1mc-fydq
summary
Synapse pagination Denial of Service
### Impact

In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients.

Clients could therefore fail to display room history.

### Patches

Update to Synapse 1.152.1 or later.

### Workarounds

There are no known workarounds for this issue.

### Identifiers

- ELEMENTSEC-2025-1636

### For more information

If you have any questions or comments about this advisory, please email us at [security at element.io](mailto:security@element.io).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45076
reference_id
reference_type
scores
0
value 0.00091
scoring_system epss
scoring_elements 0.25833
published_at 2026-06-05T12:55:00Z
1
value 0.00091
scoring_system epss
scoring_elements 0.25777
published_at 2026-06-07T12:55:00Z
2
value 0.00091
scoring_system epss
scoring_elements 0.25824
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45076
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T14:51:22Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v
fixed_packages
0
url pkg:pypi/matrix-synapse@1.152.1
purl pkg:pypi/matrix-synapse@1.152.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.152.1
aliases CVE-2026-45076, GHSA-6qf2-7x63-mm6v, PYSEC-2026-194
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44n9-z1mc-fydq
2
url VCID-57xv-u1be-mfez
vulnerability_id VCID-57xv-u1be-mfez
summary Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45078
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02917
published_at 2026-06-07T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02971
published_at 2026-06-06T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02963
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45078
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/element-hq/synapse/commit/3f58bc50dfba5768ee43ce48c5e74c25ba0b078a
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/commit/3f58bc50dfba5768ee43ce48c5e74c25ba0b078a
3
reference_url https://github.com/element-hq/synapse/issues/19394
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/issues/19394
4
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:31:35Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g
fixed_packages
0
url pkg:pypi/matrix-synapse@1.152.1
purl pkg:pypi/matrix-synapse@1.152.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.152.1
aliases CVE-2026-45078, GHSA-8q93-326v-3m7g, PYSEC-2026-191
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57xv-u1be-mfez
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.135.0rc1