Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/matrix-js-sdk@0.10.4
Typenpm
Namespace
Namematrix-js-sdk
Version0.10.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version38.2.0
Latest_non_vulnerable_version38.2.0
Affected_by_vulnerabilities
0
url VCID-67qe-c4ec-rqgh
vulnerability_id VCID-67qe-c4ec-rqgh
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40823
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.36953
published_at 2026-06-11T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.37142
published_at 2026-06-14T12:55:00Z
2
value 0.00162
scoring_system epss
scoring_elements 0.37157
published_at 2026-06-13T12:55:00Z
3
value 0.00162
scoring_system epss
scoring_elements 0.37131
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40823
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40823
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40823
2
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
3
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9
4
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v12.4.1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v12.4.1
5
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-23cm-x6j7-6hq3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-23cm-x6j7-6hq3
6
reference_url https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40823
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40823
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994213
reference_id 994213
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994213
9
reference_url https://security.archlinux.org/ASA-202109-4
reference_id ASA-202109-4
reference_type
scores
url https://security.archlinux.org/ASA-202109-4
10
reference_url https://security.archlinux.org/ASA-202109-5
reference_id ASA-202109-5
reference_type
scores
url https://security.archlinux.org/ASA-202109-5
11
reference_url https://security.archlinux.org/AVG-2377
reference_id AVG-2377
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2377
12
reference_url https://github.com/advisories/GHSA-23cm-x6j7-6hq3
reference_id GHSA-23cm-x6j7-6hq3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23cm-x6j7-6hq3
fixed_packages
0
url pkg:npm/matrix-js-sdk@12.4.1
purl pkg:npm/matrix-js-sdk@12.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7cz7-d53b-vqae
1
vulnerability VCID-cjfe-qh1a-6bfc
2
vulnerability VCID-epab-hxde-hfbc
3
vulnerability VCID-gcc4-2cdp-8qb5
4
vulnerability VCID-gcna-2gfa-bqdc
5
vulnerability VCID-k23m-f2ma-guc5
6
vulnerability VCID-n8jg-38q6-hyf8
7
vulnerability VCID-rve8-bh5h-g7fz
8
vulnerability VCID-tyrd-tnm1-zqfd
9
vulnerability VCID-uuqj-sdvf-abdn
10
vulnerability VCID-v5ft-rfve-67fd
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@12.4.1
1
url pkg:npm/matrix-js-sdk@12.5.0-rc.1
purl pkg:npm/matrix-js-sdk@12.5.0-rc.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7cz7-d53b-vqae
1
vulnerability VCID-cjfe-qh1a-6bfc
2
vulnerability VCID-epab-hxde-hfbc
3
vulnerability VCID-gcc4-2cdp-8qb5
4
vulnerability VCID-gcna-2gfa-bqdc
5
vulnerability VCID-k23m-f2ma-guc5
6
vulnerability VCID-n8jg-38q6-hyf8
7
vulnerability VCID-rve8-bh5h-g7fz
8
vulnerability VCID-tyrd-tnm1-zqfd
9
vulnerability VCID-uuqj-sdvf-abdn
10
vulnerability VCID-v5ft-rfve-67fd
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@12.5.0-rc.1
aliases CVE-2021-40823, GHSA-23cm-x6j7-6hq3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67qe-c4ec-rqgh
1
url VCID-cjfe-qh1a-6bfc
vulnerability_id VCID-cjfe-qh1a-6bfc
summary matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42369
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.42661
published_at 2026-06-11T12:55:00Z
1
value 0.00205
scoring_system epss
scoring_elements 0.42832
published_at 2026-06-14T12:55:00Z
2
value 0.00205
scoring_system epss
scoring_elements 0.42822
published_at 2026-06-12T12:55:00Z
3
value 0.00205
scoring_system epss
scoring_elements 0.42842
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42369
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42369
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42369
2
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
3
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6
reference_id a0efed8b881b3db6c9f2c71d6a6e74c2828978c6
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:41:11Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42369
reference_id CVE-2024-42369
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42369
5
reference_url https://github.com/advisories/GHSA-vhr5-g3pm-49fm
reference_id GHSA-vhr5-g3pm-49fm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vhr5-g3pm-49fm
6
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm
reference_id GHSA-vhr5-g3pm-49fm
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:41:11Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm
fixed_packages
0
url pkg:npm/matrix-js-sdk@34.3.1
purl pkg:npm/matrix-js-sdk@34.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k23m-f2ma-guc5
1
vulnerability VCID-rve8-bh5h-g7fz
2
vulnerability VCID-uuqj-sdvf-abdn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@34.3.1
aliases CVE-2024-42369, GHSA-vhr5-g3pm-49fm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjfe-qh1a-6bfc
2
url VCID-epab-hxde-hfbc
vulnerability_id VCID-epab-hxde-hfbc
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36059.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36059.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36059
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.49236
published_at 2026-06-12T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.49243
published_at 2026-06-14T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.49254
published_at 2026-06-13T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.49099
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36059
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
5
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.4.0
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.4.0
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36059
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36059
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018970
reference_id 1018970
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018970
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2123258
reference_id 2123258
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2123258
9
reference_url https://github.com/advisories/GHSA-rfv9-x7hh-xc32
reference_id GHSA-rfv9-x7hh-xc32
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfv9-x7hh-xc32
10
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32
reference_id GHSA-rfv9-x7hh-xc32
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:05:25Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32
11
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-38
reference_id mfsa2022-38
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-38
12
reference_url https://access.redhat.com/errata/RHSA-2022:6708
reference_id RHSA-2022:6708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6708
13
reference_url https://access.redhat.com/errata/RHSA-2022:6710
reference_id RHSA-2022:6710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6710
14
reference_url https://access.redhat.com/errata/RHSA-2022:6713
reference_id RHSA-2022:6713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6713
15
reference_url https://access.redhat.com/errata/RHSA-2022:6715
reference_id RHSA-2022:6715
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6715
16
reference_url https://access.redhat.com/errata/RHSA-2022:6716
reference_id RHSA-2022:6716
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6716
17
reference_url https://access.redhat.com/errata/RHSA-2022:6717
reference_id RHSA-2022:6717
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6717
18
reference_url https://usn.ubuntu.com/5663-1/
reference_id USN-5663-1
reference_type
scores
url https://usn.ubuntu.com/5663-1/
fixed_packages
0
url pkg:npm/matrix-js-sdk@19.4.0
purl pkg:npm/matrix-js-sdk@19.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cjfe-qh1a-6bfc
1
vulnerability VCID-gcc4-2cdp-8qb5
2
vulnerability VCID-gcna-2gfa-bqdc
3
vulnerability VCID-h8sc-emab-7ye2
4
vulnerability VCID-k23m-f2ma-guc5
5
vulnerability VCID-n8jg-38q6-hyf8
6
vulnerability VCID-rve8-bh5h-g7fz
7
vulnerability VCID-tyrd-tnm1-zqfd
8
vulnerability VCID-uuqj-sdvf-abdn
9
vulnerability VCID-v5ft-rfve-67fd
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@19.4.0
aliases CVE-2022-36059, GHSA-rfv9-x7hh-xc32
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epab-hxde-hfbc
3
url VCID-gcc4-2cdp-8qb5
vulnerability_id VCID-gcc4-2cdp-8qb5
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39251.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39251.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39251
reference_id
reference_type
scores
0
value 0.00278
scoring_system epss
scoring_elements 0.51677
published_at 2026-06-14T12:55:00Z
1
value 0.00278
scoring_system epss
scoring_elements 0.5155
published_at 2026-06-11T12:55:00Z
2
value 0.00278
scoring_system epss
scoring_elements 0.51681
published_at 2026-06-12T12:55:00Z
3
value 0.00278
scoring_system epss
scoring_elements 0.51692
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39251
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
reference_id 1021136
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
6
reference_url https://security.gentoo.org/glsa/202210-35
reference_id 202210-35
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://security.gentoo.org/glsa/202210-35
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135396
reference_id 2135396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135396
8
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
reference_id a587d7c36026fe1fcf93dfff63588abee359be76
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39251
reference_id CVE-2022-39251
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39251
10
reference_url https://github.com/advisories/GHSA-r48r-j8fx-mq2c
reference_id GHSA-r48r-j8fx-mq2c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r48r-j8fx-mq2c
11
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
reference_id GHSA-r48r-j8fx-mq2c
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
12
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
reference_id mfsa2022-43
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
13
reference_url https://access.redhat.com/errata/RHSA-2022:7178
reference_id RHSA-2022:7178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7178
14
reference_url https://access.redhat.com/errata/RHSA-2022:7181
reference_id RHSA-2022:7181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7181
15
reference_url https://access.redhat.com/errata/RHSA-2022:7182
reference_id RHSA-2022:7182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7182
16
reference_url https://access.redhat.com/errata/RHSA-2022:7183
reference_id RHSA-2022:7183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7183
17
reference_url https://access.redhat.com/errata/RHSA-2022:7184
reference_id RHSA-2022:7184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7184
18
reference_url https://access.redhat.com/errata/RHSA-2022:7190
reference_id RHSA-2022:7190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7190
19
reference_url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
reference_id upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
20
reference_url https://usn.ubuntu.com/5724-1/
reference_id USN-5724-1
reference_type
scores
url https://usn.ubuntu.com/5724-1/
21
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
reference_id v19.7.0
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
fixed_packages
0
url pkg:npm/matrix-js-sdk@19.7.0
purl pkg:npm/matrix-js-sdk@19.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cjfe-qh1a-6bfc
1
vulnerability VCID-k23m-f2ma-guc5
2
vulnerability VCID-n8jg-38q6-hyf8
3
vulnerability VCID-rve8-bh5h-g7fz
4
vulnerability VCID-uuqj-sdvf-abdn
5
vulnerability VCID-v5ft-rfve-67fd
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@19.7.0
aliases CVE-2022-39251, GHSA-r48r-j8fx-mq2c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcc4-2cdp-8qb5
4
url VCID-gcna-2gfa-bqdc
vulnerability_id VCID-gcna-2gfa-bqdc
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39249.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39249.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39249
reference_id
reference_type
scores
0
value 0.00477
scoring_system epss
scoring_elements 0.65517
published_at 2026-06-14T12:55:00Z
1
value 0.00477
scoring_system epss
scoring_elements 0.65408
published_at 2026-06-11T12:55:00Z
2
value 0.00477
scoring_system epss
scoring_elements 0.65508
published_at 2026-06-12T12:55:00Z
3
value 0.00477
scoring_system epss
scoring_elements 0.65519
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39249
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
reference_id 1021136
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
6
reference_url https://security.gentoo.org/glsa/202210-35
reference_id 202210-35
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://security.gentoo.org/glsa/202210-35
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135393
reference_id 2135393
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135393
8
reference_url https://github.com/matrix-org/matrix-spec-proposals/pull/3061
reference_id 3061
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://github.com/matrix-org/matrix-spec-proposals/pull/3061
9
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
reference_id a587d7c36026fe1fcf93dfff63588abee359be76
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39249
reference_id CVE-2022-39249
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39249
11
reference_url https://github.com/advisories/GHSA-6263-x97c-c4gg
reference_id GHSA-6263-x97c-c4gg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6263-x97c-c4gg
12
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
reference_id GHSA-6263-x97c-c4gg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
13
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
reference_id mfsa2022-43
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
14
reference_url https://access.redhat.com/errata/RHSA-2022:7178
reference_id RHSA-2022:7178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7178
15
reference_url https://access.redhat.com/errata/RHSA-2022:7181
reference_id RHSA-2022:7181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7181
16
reference_url https://access.redhat.com/errata/RHSA-2022:7182
reference_id RHSA-2022:7182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7182
17
reference_url https://access.redhat.com/errata/RHSA-2022:7183
reference_id RHSA-2022:7183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7183
18
reference_url https://access.redhat.com/errata/RHSA-2022:7184
reference_id RHSA-2022:7184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7184
19
reference_url https://access.redhat.com/errata/RHSA-2022:7190
reference_id RHSA-2022:7190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7190
20
reference_url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
reference_id upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
21
reference_url https://usn.ubuntu.com/5724-1/
reference_id USN-5724-1
reference_type
scores
url https://usn.ubuntu.com/5724-1/
22
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
reference_id v19.7.0
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
fixed_packages
0
url pkg:npm/matrix-js-sdk@19.7.0
purl pkg:npm/matrix-js-sdk@19.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cjfe-qh1a-6bfc
1
vulnerability VCID-k23m-f2ma-guc5
2
vulnerability VCID-n8jg-38q6-hyf8
3
vulnerability VCID-rve8-bh5h-g7fz
4
vulnerability VCID-uuqj-sdvf-abdn
5
vulnerability VCID-v5ft-rfve-67fd
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@19.7.0
aliases CVE-2022-39249, GHSA-6263-x97c-c4gg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcna-2gfa-bqdc
5
url VCID-k23m-f2ma-guc5
vulnerability_id VCID-k23m-f2ma-guc5
summary Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. The issue has been patched and users should upgrade to 38.2.0. A workaround is to avoid using MatrixClient::getJoinedRooms in favor of getRooms() and filtering upgraded rooms separately.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59160
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28769
published_at 2026-06-13T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.28758
published_at 2026-06-14T12:55:00Z
2
value 0.00108
scoring_system epss
scoring_elements 0.28743
published_at 2026-06-12T12:55:00Z
3
value 0.00108
scoring_system epss
scoring_elements 0.28548
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59160
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59160
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59160
2
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
3
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.2.0
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.2.0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59160
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59160
5
reference_url https://www.npmjs.com/package/matrix-js-sdk/v/38.2.0
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/matrix-js-sdk/v/38.2.0
6
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
reference_id 43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-16T17:29:36Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
7
reference_url https://github.com/advisories/GHSA-mp7c-m3rh-r56v
reference_id GHSA-mp7c-m3rh-r56v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mp7c-m3rh-r56v
8
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
reference_id GHSA-mp7c-m3rh-r56v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-16T17:29:36Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
fixed_packages
0
url pkg:npm/matrix-js-sdk@38.2.0
purl pkg:npm/matrix-js-sdk@38.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@38.2.0
aliases CVE-2025-59160, GHSA-mp7c-m3rh-r56v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k23m-f2ma-guc5
6
url VCID-n8jg-38q6-hyf8
vulnerability_id VCID-n8jg-38q6-hyf8
summary matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdk's group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user's outbound media in this case. Legacy 1:1 calls are unaffected. This is fixed in matrix-js-sdk 24.1.0. As a workaround, users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29529
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.40022
published_at 2026-06-11T12:55:00Z
1
value 0.00184
scoring_system epss
scoring_elements 0.40203
published_at 2026-06-14T12:55:00Z
2
value 0.00184
scoring_system epss
scoring_elements 0.40214
published_at 2026-06-13T12:55:00Z
3
value 0.00184
scoring_system epss
scoring_elements 0.40191
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29529
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29529
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29529
2
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29529
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29529
4
reference_url https://github.com/matrix-org/matrix-spec-proposals/pull/3401
reference_id 3401
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T18:45:25Z/
url https://github.com/matrix-org/matrix-spec-proposals/pull/3401
5
reference_url https://github.com/advisories/GHSA-6g67-q39g-r79q
reference_id GHSA-6g67-q39g-r79q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6g67-q39g-r79q
6
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6g67-q39g-r79q
reference_id GHSA-6g67-q39g-r79q
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T18:45:25Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6g67-q39g-r79q
7
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v24.1.0
reference_id v24.1.0
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T18:45:25Z/
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v24.1.0
fixed_packages
0
url pkg:npm/matrix-js-sdk@24.1.0
purl pkg:npm/matrix-js-sdk@24.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cjfe-qh1a-6bfc
1
vulnerability VCID-k23m-f2ma-guc5
2
vulnerability VCID-rve8-bh5h-g7fz
3
vulnerability VCID-uuqj-sdvf-abdn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@24.1.0
aliases CVE-2023-29529, GHSA-6g67-q39g-r79q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8jg-38q6-hyf8
7
url VCID-tyrd-tnm1-zqfd
vulnerability_id VCID-tyrd-tnm1-zqfd
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39250.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39250.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39250
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.53255
published_at 2026-06-14T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.53126
published_at 2026-06-11T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.53253
published_at 2026-06-12T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.53268
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39250
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
reference_id 1021136
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
6
reference_url https://security.gentoo.org/glsa/202210-35
reference_id 202210-35
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://security.gentoo.org/glsa/202210-35
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135395
reference_id 2135395
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135395
8
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
reference_id a587d7c36026fe1fcf93dfff63588abee359be76
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39250
reference_id CVE-2022-39250
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39250
10
reference_url https://github.com/advisories/GHSA-5w8r-8pgj-5jmf
reference_id GHSA-5w8r-8pgj-5jmf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5w8r-8pgj-5jmf
11
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
reference_id GHSA-5w8r-8pgj-5jmf
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
12
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
reference_id mfsa2022-43
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
13
reference_url https://access.redhat.com/errata/RHSA-2022:7178
reference_id RHSA-2022:7178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7178
14
reference_url https://access.redhat.com/errata/RHSA-2022:7181
reference_id RHSA-2022:7181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7181
15
reference_url https://access.redhat.com/errata/RHSA-2022:7182
reference_id RHSA-2022:7182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7182
16
reference_url https://access.redhat.com/errata/RHSA-2022:7183
reference_id RHSA-2022:7183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7183
17
reference_url https://access.redhat.com/errata/RHSA-2022:7184
reference_id RHSA-2022:7184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7184
18
reference_url https://access.redhat.com/errata/RHSA-2022:7190
reference_id RHSA-2022:7190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7190
19
reference_url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
reference_id upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
20
reference_url https://usn.ubuntu.com/5724-1/
reference_id USN-5724-1
reference_type
scores
url https://usn.ubuntu.com/5724-1/
21
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
reference_id v19.7.0
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
fixed_packages
0
url pkg:npm/matrix-js-sdk@19.7.0
purl pkg:npm/matrix-js-sdk@19.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cjfe-qh1a-6bfc
1
vulnerability VCID-k23m-f2ma-guc5
2
vulnerability VCID-n8jg-38q6-hyf8
3
vulnerability VCID-rve8-bh5h-g7fz
4
vulnerability VCID-uuqj-sdvf-abdn
5
vulnerability VCID-v5ft-rfve-67fd
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@19.7.0
aliases CVE-2022-39250, GHSA-5w8r-8pgj-5jmf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyrd-tnm1-zqfd
8
url VCID-uuqj-sdvf-abdn
vulnerability_id VCID-uuqj-sdvf-abdn
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50336
reference_id
reference_type
scores
0
value 0.00877
scoring_system epss
scoring_elements 0.75739
published_at 2026-06-11T12:55:00Z
1
value 0.00877
scoring_system epss
scoring_elements 0.75819
published_at 2026-06-14T12:55:00Z
2
value 0.00877
scoring_system epss
scoring_elements 0.75823
published_at 2026-06-13T12:55:00Z
3
value 0.00877
scoring_system epss
scoring_elements 0.7581
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50336
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50336
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50336
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
4
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50336
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50336
6
reference_url https://github.com/advisories/GHSA-xvg8-m4x3-w6xr
reference_id GHSA-xvg8-m4x3-w6xr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xvg8-m4x3-w6xr
7
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr
reference_id GHSA-xvg8-m4x3-w6xr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T17:11:23Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr
8
reference_url https://security.gentoo.org/glsa/202505-03
reference_id GLSA-202505-03
reference_type
scores
url https://security.gentoo.org/glsa/202505-03
9
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2024-69
reference_id mfsa2024-69
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2024-69
10
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-04
reference_id mfsa2025-04
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-04
11
reference_url https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5
reference_id #security-considerations-5
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T17:11:23Z/
url https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5
12
reference_url https://usn.ubuntu.com/7991-1/
reference_id USN-7991-1
reference_type
scores
url https://usn.ubuntu.com/7991-1/
fixed_packages
0
url pkg:npm/matrix-js-sdk@34.11.1
purl pkg:npm/matrix-js-sdk@34.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k23m-f2ma-guc5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@34.11.1
aliases CVE-2024-50336, GHSA-xvg8-m4x3-w6xr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uuqj-sdvf-abdn
9
url VCID-v5ft-rfve-67fd
vulnerability_id VCID-v5ft-rfve-67fd
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28427.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28427.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28427
reference_id
reference_type
scores
0
value 0.00602
scoring_system epss
scoring_elements 0.69998
published_at 2026-06-11T12:55:00Z
1
value 0.00602
scoring_system epss
scoring_elements 0.70101
published_at 2026-06-14T12:55:00Z
2
value 0.00602
scoring_system epss
scoring_elements 0.70103
published_at 2026-06-13T12:55:00Z
3
value 0.00602
scoring_system epss
scoring_elements 0.70089
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28427
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1999
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1999
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28427
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28427
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550
14
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
15
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28427
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28427
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033621
reference_id 1033621
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033621
18
reference_url https://security.gentoo.org/glsa/202305-36
reference_id 202305-36
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://security.gentoo.org/glsa/202305-36
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183278
reference_id 2183278
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183278
20
reference_url https://www.debian.org/security/2023/dsa-5392
reference_id dsa-5392
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://www.debian.org/security/2023/dsa-5392
21
reference_url https://github.com/advisories/GHSA-mwq8-fjpf-c2gr
reference_id GHSA-mwq8-fjpf-c2gr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwq8-fjpf-c2gr
22
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr
reference_id GHSA-mwq8-fjpf-c2gr
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr
23
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32
reference_id GHSA-rfv9-x7hh-xc32
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32
24
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-12
reference_id mfsa2023-12
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-12
25
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00027.html
reference_id msg00027.html
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00027.html
26
reference_url https://access.redhat.com/errata/RHSA-2023:1802
reference_id RHSA-2023:1802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1802
27
reference_url https://access.redhat.com/errata/RHSA-2023:1803
reference_id RHSA-2023:1803
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1803
28
reference_url https://access.redhat.com/errata/RHSA-2023:1804
reference_id RHSA-2023:1804
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1804
29
reference_url https://access.redhat.com/errata/RHSA-2023:1805
reference_id RHSA-2023:1805
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1805
30
reference_url https://access.redhat.com/errata/RHSA-2023:1806
reference_id RHSA-2023:1806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1806
31
reference_url https://access.redhat.com/errata/RHSA-2023:1809
reference_id RHSA-2023:1809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1809
32
reference_url https://access.redhat.com/errata/RHSA-2023:1810
reference_id RHSA-2023:1810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1810
33
reference_url https://access.redhat.com/errata/RHSA-2023:1811
reference_id RHSA-2023:1811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1811
34
reference_url https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0
reference_id security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0
fixed_packages
0
url pkg:npm/matrix-js-sdk@24.0.0
purl pkg:npm/matrix-js-sdk@24.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cjfe-qh1a-6bfc
1
vulnerability VCID-k23m-f2ma-guc5
2
vulnerability VCID-n8jg-38q6-hyf8
3
vulnerability VCID-rve8-bh5h-g7fz
4
vulnerability VCID-uuqj-sdvf-abdn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@24.0.0
aliases CVE-2023-28427, GHSA-mwq8-fjpf-c2gr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5ft-rfve-67fd
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@0.10.4