Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/synapse@1.120.1?arch=x86_64&distroversion=v3.20&reponame=community

Type apk

Namespace alpine

Name synapse

Version 1.120.1

Qualifiers

arch	x86_64
distroversion	v3.20
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-f96c-qram-33cg

vulnerability_id VCID-f96c-qram-33cg

summary Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53867

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.32737
published_at	2026-06-13T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32713
published_at	2026-06-14T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32534
published_at	2026-06-11T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32715
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53867

reference_url

https://github.com/element-hq/synapse

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/element-hq/synapse

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-53867

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-53867

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id	1088995
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995

reference_url

https://github.com/matrix-org/matrix-spec-proposals/pull/4186

reference_id

4186

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:07:06Z/

url

https://github.com/matrix-org/matrix-spec-proposals/pull/4186

reference_url

https://github.com/advisories/GHSA-56w4-5538-8v8h

reference_id

GHSA-56w4-5538-8v8h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-56w4-5538-8v8h

reference_url

https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h

reference_id

GHSA-56w4-5538-8v8h

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:07:06Z/

url

https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h

fixed_packages

url	pkg:apk/alpine/synapse@1.120.1?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/synapse@1.120.1?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.1%3Farch=x86_64&distroversion=v3.20&reponame=community

aliases CVE-2024-53867, GHSA-56w4-5538-8v8h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f96c-qram-33cg

url VCID-hqwh-2un3-bqd8

vulnerability_id VCID-hqwh-2un3-bqd8

summary Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52815

reference_id

reference_type

scores

value	0.00353
scoring_system	epss
scoring_elements	0.58194
published_at	2026-06-12T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.58198
published_at	2026-06-14T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.5808
published_at	2026-06-11T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.5821
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52815

reference_url

https://github.com/element-hq/synapse

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/element-hq/synapse

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52815

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52815

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id	1088995
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995

reference_url

https://github.com/advisories/GHSA-f3r3-h2mq-hx2h

reference_id

GHSA-f3r3-h2mq-hx2h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f3r3-h2mq-hx2h

reference_url

https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h

reference_id

GHSA-f3r3-h2mq-hx2h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:05:32Z/

url

https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h

fixed_packages

url	pkg:apk/alpine/synapse@1.120.1?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/synapse@1.120.1?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.1%3Farch=x86_64&distroversion=v3.20&reponame=community

aliases CVE-2024-52815, GHSA-f3r3-h2mq-hx2h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqwh-2un3-bqd8

url VCID-rcdd-qkxt-nuez

vulnerability_id VCID-rcdd-qkxt-nuez

summary Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. This vulnerability is fixed in 1.120.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53863

reference_id

reference_type

scores

value	0.00962
scoring_system	epss
scoring_elements	0.76998
published_at	2026-06-12T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.77006
published_at	2026-06-14T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.76926
published_at	2026-06-11T12:55:00Z

value	0.00962
scoring_system	epss
scoring_elements	0.77013
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53863

reference_url

https://github.com/element-hq/synapse

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/element-hq/synapse

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-53863

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-53863

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id	1088995
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995

reference_url

https://github.com/advisories/GHSA-vp6v-whfm-rv3g

reference_id

GHSA-vp6v-whfm-rv3g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vp6v-whfm-rv3g

reference_url

https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g

reference_id

GHSA-vp6v-whfm-rv3g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:07:32Z/

url

https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g

reference_url	https://usn.ubuntu.com/7444-1/
reference_id	USN-7444-1
reference_type
scores
url	https://usn.ubuntu.com/7444-1/

fixed_packages

url	pkg:apk/alpine/synapse@1.120.1?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/synapse@1.120.1?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.1%3Farch=x86_64&distroversion=v3.20&reponame=community

aliases CVE-2024-53863, GHSA-vp6v-whfm-rv3g

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcdd-qkxt-nuez

url VCID-s1jf-x5ug-jqcq

vulnerability_id VCID-s1jf-x5ug-jqcq

summary Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52805

reference_id

reference_type

scores

value	0.01089
scoring_system	epss
scoring_elements	0.78418
published_at	2026-06-14T12:55:00Z

value	0.01089
scoring_system	epss
scoring_elements	0.78422
published_at	2026-06-13T12:55:00Z

value	0.01089
scoring_system	epss
scoring_elements	0.78408
published_at	2026-06-12T12:55:00Z

value	0.01089
scoring_system	epss
scoring_elements	0.7834
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52805

reference_url

https://github.com/element-hq/synapse

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/element-hq/synapse

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52805

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52805

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id	1088995
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995

reference_url

https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518

reference_id

4688#issuecomment-1167705518

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/

url

https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518

reference_url

https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609

reference_id

4688#issuecomment-2385711609

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/

url

https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609

reference_url

https://github.com/advisories/GHSA-rfq8-j7rh-8hf2

reference_id

GHSA-rfq8-j7rh-8hf2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rfq8-j7rh-8hf2

reference_url

https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2

reference_id

GHSA-rfq8-j7rh-8hf2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/

url

https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2

fixed_packages

url	pkg:apk/alpine/synapse@1.120.1?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/synapse@1.120.1?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.1%3Farch=x86_64&distroversion=v3.20&reponame=community

aliases CVE-2024-52805, GHSA-rfq8-j7rh-8hf2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1jf-x5ug-jqcq

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.1%3Farch=x86_64&distroversion=v3.20&reponame=community

Package Instance