VulnerableCode Package Details - pkg:pypi/matrix-synapse@1.138.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-44n9-z1mc-fydq Aliases: CVE-2026-45076 CVE-2026-45076, GHSA-6qf2-7x63-mm6v PYSEC-2026-194	Synapse pagination Denial of Service ### Impact In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. ### Patches Update to Synapse 1.152.1 or later. ### Workarounds There are no known workarounds for this issue. ### Identifiers - ELEMENTSEC-2025-1636 ### For more information If you have any questions or comments about this advisory, please email us at [security at element.io](mailto:security@element.io).	1.152.1 Affected by 0 other vulnerabilities.
VCID-57xv-u1be-mfez Aliases: CVE-2026-45078 CVE-2026-45078, GHSA-8q93-326v-3m7g PYSEC-2026-191	Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.	1.152.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-44n9-z1mc-fydq
Aliases:
CVE-2026-45076
CVE-2026-45076,
GHSA-6qf2-7x63-mm6v
PYSEC-2026-194

Synapse pagination Denial of Service ### Impact In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. ### Patches Update to Synapse 1.152.1 or later. ### Workarounds There are no known workarounds for this issue. ### Identifiers - ELEMENTSEC-2025-1636 ### For more information If you have any questions or comments about this advisory, please email us at [security at element.io](mailto:security@element.io).

1.152.1
Affected by 0 other vulnerabilities.

VCID-57xv-u1be-mfez
Aliases:
CVE-2026-45078
CVE-2026-45078,
GHSA-8q93-326v-3m7g
PYSEC-2026-191

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.

1.152.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T17:05:38.049032+00:00	PyPI Importer	Affected by	VCID-57xv-u1be-mfez	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:05:37.061267+00:00	PyPI Importer	Affected by	VCID-44n9-z1mc-fydq	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T16:16:00.215755+00:00	Pypa Importer	Affected by	VCID-44n9-z1mc-fydq	https://github.com/pypa/advisory-database/blob/main/vulns/matrix-synapse/PYSEC-2026-194.yaml	38.6.0
2026-06-04T16:14:41.262418+00:00	Pypa Importer	Affected by	VCID-57xv-u1be-mfez	https://github.com/pypa/advisory-database/blob/main/vulns/matrix-synapse/PYSEC-2026-191.yaml	38.6.0