Lookup for vulnerable packages by Package URL.

Purl pkg:npm/matrix-js-sdk@0.6.3
Type npm
Namespace
Name matrix-js-sdk
Version 0.6.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 38.2.0
Latest_non_vulnerable_version 38.2.0
Affected_by_vulnerabilities
0
url VCID-2b4g-ezdx-euad
vulnerability_id VCID-2b4g-ezdx-euad
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40823
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.36865
published_at 2026-06-04T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.36904
published_at 2026-06-09T12:55:00Z
2
value 0.00162
scoring_system epss
scoring_elements 0.36891
published_at 2026-06-08T12:55:00Z
3
value 0.00162
scoring_system epss
scoring_elements 0.36929
published_at 2026-06-07T12:55:00Z
4
value 0.00162
scoring_system epss
scoring_elements 0.36963
published_at 2026-06-06T12:55:00Z
5
value 0.00162
scoring_system epss
scoring_elements 0.36957
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40823
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40823
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40823
2
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
3
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9
4
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v12.4.1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v12.4.1
5
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-23cm-x6j7-6hq3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-23cm-x6j7-6hq3
6
reference_url https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994213
reference_id 994213
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994213
8
reference_url https://security.archlinux.org/ASA-202109-4
reference_id ASA-202109-4
reference_type
scores
url https://security.archlinux.org/ASA-202109-4
9
reference_url https://security.archlinux.org/ASA-202109-5
reference_id ASA-202109-5
reference_type
scores
url https://security.archlinux.org/ASA-202109-5
10
reference_url https://security.archlinux.org/AVG-2377
reference_id AVG-2377
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2377
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40823
reference_id CVE-2021-40823
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40823
12
reference_url https://github.com/advisories/GHSA-23cm-x6j7-6hq3
reference_id GHSA-23cm-x6j7-6hq3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23cm-x6j7-6hq3
fixed_packages
0
url pkg:npm/matrix-js-sdk@12.4.1
purl pkg:npm/matrix-js-sdk@12.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qky-f5t4-pufg
1
vulnerability VCID-dyhz-9pw7-5kfx
2
vulnerability VCID-fmvy-mvvs-h7gw
3
vulnerability VCID-j5fb-nvc6-8ka3
4
vulnerability VCID-peth-cw2p-z7bj
5
vulnerability VCID-rtku-qch5-jfah
6
vulnerability VCID-sgju-v2kk-23f9
7
vulnerability VCID-utme-k32f-2bgk
8
vulnerability VCID-uwfk-btzv-8uh5
9
vulnerability VCID-y1pp-ssrh-akg4
10
vulnerability VCID-ywbj-pvzd-77f5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@12.4.1
1
url pkg:npm/matrix-js-sdk@12.5.0-rc.1
purl pkg:npm/matrix-js-sdk@12.5.0-rc.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qky-f5t4-pufg
1
vulnerability VCID-dyhz-9pw7-5kfx
2
vulnerability VCID-fmvy-mvvs-h7gw
3
vulnerability VCID-j5fb-nvc6-8ka3
4
vulnerability VCID-peth-cw2p-z7bj
5
vulnerability VCID-rtku-qch5-jfah
6
vulnerability VCID-sgju-v2kk-23f9
7
vulnerability VCID-utme-k32f-2bgk
8
vulnerability VCID-uwfk-btzv-8uh5
9
vulnerability VCID-y1pp-ssrh-akg4
10
vulnerability VCID-ywbj-pvzd-77f5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@12.5.0-rc.1
aliases CVE-2021-40823, GHSA-23cm-x6j7-6hq3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2b4g-ezdx-euad
1
url VCID-5qky-f5t4-pufg
vulnerability_id VCID-5qky-f5t4-pufg
summary Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. An adversary could spoof historical messages from other users. Additionally, a malicious key backup to the user's account under certain unusual conditions in order to exfiltrate message keys.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39251.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39251.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39251
reference_id
reference_type
scores
0
value 0.00278
scoring_system epss
scoring_elements 0.5152
published_at 2026-06-06T12:55:00Z
1
value 0.00278
scoring_system epss
scoring_elements 0.51484
published_at 2026-06-09T12:55:00Z
2
value 0.00278
scoring_system epss
scoring_elements 0.51464
published_at 2026-06-08T12:55:00Z
3
value 0.00278
scoring_system epss
scoring_elements 0.51453
published_at 2026-06-04T12:55:00Z
4
value 0.00278
scoring_system epss
scoring_elements 0.51498
published_at 2026-06-07T12:55:00Z
5
value 0.00278
scoring_system epss
scoring_elements 0.51514
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39251
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
5
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
6
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
7
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
8
reference_url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39251
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39251
10
reference_url https://security.gentoo.org/glsa/202210-35
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:00Z/
url https://security.gentoo.org/glsa/202210-35
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
reference_id 1021136
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135396
reference_id 2135396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135396
13
reference_url https://github.com/advisories/GHSA-r48r-j8fx-mq2c
reference_id GHSA-r48r-j8fx-mq2c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r48r-j8fx-mq2c
14
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
reference_id mfsa2022-43
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
15
reference_url https://access.redhat.com/errata/RHSA-2022:7178
reference_id RHSA-2022:7178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7178
16
reference_url https://access.redhat.com/errata/RHSA-2022:7181
reference_id RHSA-2022:7181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7181
17
reference_url https://access.redhat.com/errata/RHSA-2022:7182
reference_id RHSA-2022:7182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7182
18
reference_url https://access.redhat.com/errata/RHSA-2022:7183
reference_id RHSA-2022:7183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7183
19
reference_url https://access.redhat.com/errata/RHSA-2022:7184
reference_id RHSA-2022:7184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7184
20
reference_url https://access.redhat.com/errata/RHSA-2022:7190
reference_id RHSA-2022:7190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7190
21
reference_url https://usn.ubuntu.com/5724-1/
reference_id USN-5724-1
reference_type
scores
url https://usn.ubuntu.com/5724-1/
fixed_packages
0
url pkg:npm/matrix-js-sdk@19.7.0
purl pkg:npm/matrix-js-sdk@19.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fmvy-mvvs-h7gw
1
vulnerability VCID-peth-cw2p-z7bj
2
vulnerability VCID-sgju-v2kk-23f9
3
vulnerability VCID-utme-k32f-2bgk
4
vulnerability VCID-uwfk-btzv-8uh5
5
vulnerability VCID-y1pp-ssrh-akg4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@19.7.0
aliases CVE-2022-39251, GHSA-r48r-j8fx-mq2c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qky-f5t4-pufg
2
url VCID-dyhz-9pw7-5kfx
vulnerability_id VCID-dyhz-9pw7-5kfx
summary Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39249.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39249.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39249
reference_id
reference_type
scores
0
value 0.00477
scoring_system epss
scoring_elements 0.65343
published_at 2026-06-07T12:55:00Z
1
value 0.00477
scoring_system epss
scoring_elements 0.65354
published_at 2026-06-06T12:55:00Z
2
value 0.00477
scoring_system epss
scoring_elements 0.65352
published_at 2026-06-09T12:55:00Z
3
value 0.00477
scoring_system epss
scoring_elements 0.65302
published_at 2026-06-04T12:55:00Z
4
value 0.00477
scoring_system epss
scoring_elements 0.65333
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39249
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
5
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
6
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
7
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
8
reference_url https://github.com/matrix-org/matrix-spec-proposals/pull/3061
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://github.com/matrix-org/matrix-spec-proposals/pull/3061
9
reference_url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39249
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39249
11
reference_url https://security.gentoo.org/glsa/202210-35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:04Z/
url https://security.gentoo.org/glsa/202210-35
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
reference_id 1021136
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135393
reference_id 2135393
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135393
14
reference_url https://github.com/advisories/GHSA-6263-x97c-c4gg
reference_id GHSA-6263-x97c-c4gg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6263-x97c-c4gg
15
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
reference_id mfsa2022-43
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
16
reference_url https://access.redhat.com/errata/RHSA-2022:7178
reference_id RHSA-2022:7178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7178
17
reference_url https://access.redhat.com/errata/RHSA-2022:7181
reference_id RHSA-2022:7181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7181
18
reference_url https://access.redhat.com/errata/RHSA-2022:7182
reference_id RHSA-2022:7182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7182
19
reference_url https://access.redhat.com/errata/RHSA-2022:7183
reference_id RHSA-2022:7183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7183
20
reference_url https://access.redhat.com/errata/RHSA-2022:7184
reference_id RHSA-2022:7184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7184
21
reference_url https://access.redhat.com/errata/RHSA-2022:7190
reference_id RHSA-2022:7190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7190
22
reference_url https://usn.ubuntu.com/5724-1/
reference_id USN-5724-1
reference_type
scores
url https://usn.ubuntu.com/5724-1/
fixed_packages
0
url pkg:npm/matrix-js-sdk@19.7.0
purl pkg:npm/matrix-js-sdk@19.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fmvy-mvvs-h7gw
1
vulnerability VCID-peth-cw2p-z7bj
2
vulnerability VCID-sgju-v2kk-23f9
3
vulnerability VCID-utme-k32f-2bgk
4
vulnerability VCID-uwfk-btzv-8uh5
5
vulnerability VCID-y1pp-ssrh-akg4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@19.7.0
aliases CVE-2022-39249, GHSA-6263-x97c-c4gg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dyhz-9pw7-5kfx
3
url VCID-fmvy-mvvs-h7gw
vulnerability_id VCID-fmvy-mvvs-h7gw
summary Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28427.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28427.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28427
reference_id
reference_type
scores
0
value 0.00602
scoring_system epss
scoring_elements 0.69943
published_at 2026-06-06T12:55:00Z
1
value 0.00602
scoring_system epss
scoring_elements 0.6994
published_at 2026-06-09T12:55:00Z
2
value 0.00602
scoring_system epss
scoring_elements 0.69917
published_at 2026-06-08T12:55:00Z
3
value 0.00602
scoring_system epss
scoring_elements 0.69929
published_at 2026-06-07T12:55:00Z
4
value 0.00602
scoring_system epss
scoring_elements 0.69934
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28427
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1999
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1999
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28427
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28427
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550
14
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
15
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
16
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00027.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00027.html
17
reference_url https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0
18
reference_url https://security.gentoo.org/glsa/202305-36
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://security.gentoo.org/glsa/202305-36
19
reference_url https://www.debian.org/security/2023/dsa-5392
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://www.debian.org/security/2023/dsa-5392
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033621
reference_id 1033621
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033621
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183278
reference_id 2183278
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183278
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28427
reference_id CVE-2023-28427
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28427
23
reference_url https://github.com/advisories/GHSA-mwq8-fjpf-c2gr
reference_id GHSA-mwq8-fjpf-c2gr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwq8-fjpf-c2gr
24
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr
reference_id GHSA-mwq8-fjpf-c2gr
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:03:37Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr
25
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32
reference_id GHSA-rfv9-x7hh-xc32
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32
26
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-12
reference_id mfsa2023-12
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-12
27
reference_url https://access.redhat.com/errata/RHSA-2023:1802
reference_id RHSA-2023:1802
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1802
28
reference_url https://access.redhat.com/errata/RHSA-2023:1803
reference_id RHSA-2023:1803
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1803
29
reference_url https://access.redhat.com/errata/RHSA-2023:1804
reference_id RHSA-2023:1804
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1804
30
reference_url https://access.redhat.com/errata/RHSA-2023:1805
reference_id RHSA-2023:1805
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1805
31
reference_url https://access.redhat.com/errata/RHSA-2023:1806
reference_id RHSA-2023:1806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1806
32
reference_url https://access.redhat.com/errata/RHSA-2023:1809
reference_id RHSA-2023:1809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1809
33
reference_url https://access.redhat.com/errata/RHSA-2023:1810
reference_id RHSA-2023:1810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1810
34
reference_url https://access.redhat.com/errata/RHSA-2023:1811
reference_id RHSA-2023:1811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1811
fixed_packages
0
url pkg:npm/matrix-js-sdk@24.0.0
purl pkg:npm/matrix-js-sdk@24.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-peth-cw2p-z7bj
1
vulnerability VCID-sgju-v2kk-23f9
2
vulnerability VCID-utme-k32f-2bgk
3
vulnerability VCID-uwfk-btzv-8uh5
4
vulnerability VCID-y1pp-ssrh-akg4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@24.0.0
aliases CVE-2023-28427, GHSA-mwq8-fjpf-c2gr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmvy-mvvs-h7gw
4
url VCID-j5fb-nvc6-8ka3
vulnerability_id VCID-j5fb-nvc6-8ka3
summary Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack. An adversary sharing a room with a user had the ability to carry out an attack against affected clients, making it not show all of a user's rooms or spaces and/or causing minor temporary corruption.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36059.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36059.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36059
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.49055
published_at 2026-06-05T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.49031
published_at 2026-06-09T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.49018
published_at 2026-06-08T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.49049
published_at 2026-06-07T12:55:00Z
4
value 0.00255
scoring_system epss
scoring_elements 0.48994
published_at 2026-06-04T12:55:00Z
5
value 0.00255
scoring_system epss
scoring_elements 0.49065
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36059
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
5
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.4.0
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.4.0
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018970
reference_id 1018970
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018970
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2123258
reference_id 2123258
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2123258
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36059
reference_id CVE-2022-36059
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36059
9
reference_url https://github.com/advisories/GHSA-rfv9-x7hh-xc32
reference_id GHSA-rfv9-x7hh-xc32
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfv9-x7hh-xc32
10
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32
reference_id GHSA-rfv9-x7hh-xc32
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:05:25Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32
11
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-38
reference_id mfsa2022-38
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-38
12
reference_url https://access.redhat.com/errata/RHSA-2022:6708
reference_id RHSA-2022:6708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6708
13
reference_url https://access.redhat.com/errata/RHSA-2022:6710
reference_id RHSA-2022:6710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6710
14
reference_url https://access.redhat.com/errata/RHSA-2022:6713
reference_id RHSA-2022:6713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6713
15
reference_url https://access.redhat.com/errata/RHSA-2022:6715
reference_id RHSA-2022:6715
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6715
16
reference_url https://access.redhat.com/errata/RHSA-2022:6716
reference_id RHSA-2022:6716
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6716
17
reference_url https://access.redhat.com/errata/RHSA-2022:6717
reference_id RHSA-2022:6717
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6717
18
reference_url https://usn.ubuntu.com/5663-1/
reference_id USN-5663-1
reference_type
scores
url https://usn.ubuntu.com/5663-1/
fixed_packages
0
url pkg:npm/matrix-js-sdk@19.4.0
purl pkg:npm/matrix-js-sdk@19.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qky-f5t4-pufg
1
vulnerability VCID-877t-h6w3-dkdf
2
vulnerability VCID-dyhz-9pw7-5kfx
3
vulnerability VCID-fmvy-mvvs-h7gw
4
vulnerability VCID-peth-cw2p-z7bj
5
vulnerability VCID-rtku-qch5-jfah
6
vulnerability VCID-sgju-v2kk-23f9
7
vulnerability VCID-utme-k32f-2bgk
8
vulnerability VCID-uwfk-btzv-8uh5
9
vulnerability VCID-y1pp-ssrh-akg4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@19.4.0
aliases CVE-2022-36059, GHSA-rfv9-x7hh-xc32
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5fb-nvc6-8ka3
5
url VCID-peth-cw2p-z7bj
vulnerability_id VCID-peth-cw2p-z7bj
summary
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in `MatrixClient::getJoinedRooms`, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59160
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.2852
published_at 2026-06-09T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.28515
published_at 2026-06-08T12:55:00Z
2
value 0.00108
scoring_system epss
scoring_elements 0.28547
published_at 2026-06-07T12:55:00Z
3
value 0.00108
scoring_system epss
scoring_elements 0.28585
published_at 2026-06-06T12:55:00Z
4
value 0.00108
scoring_system epss
scoring_elements 0.28625
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59160
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59160
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59160
2
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
3
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-16T17:29:36Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
4
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.2.0
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.2.0
5
reference_url https://www.npmjs.com/package/matrix-js-sdk/v/38.2.0
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/matrix-js-sdk/v/38.2.0
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59160
reference_id CVE-2025-59160
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59160
7
reference_url https://github.com/advisories/GHSA-mp7c-m3rh-r56v
reference_id GHSA-mp7c-m3rh-r56v
reference_type
scores
url https://github.com/advisories/GHSA-mp7c-m3rh-r56v
8
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
reference_id GHSA-mp7c-m3rh-r56v
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-16T17:29:36Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
fixed_packages
0
url pkg:npm/matrix-js-sdk@38.2.0
purl pkg:npm/matrix-js-sdk@38.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@38.2.0
aliases CVE-2025-59160, GHSA-mp7c-m3rh-r56v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-peth-cw2p-z7bj
6
url VCID-rtku-qch5-jfah
vulnerability_id VCID-rtku-qch5-jfah
summary Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39250.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39250.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39250
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.53005
published_at 2026-06-04T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.5303
published_at 2026-06-08T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.53055
published_at 2026-06-09T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.53066
published_at 2026-06-05T12:55:00Z
4
value 0.00294
scoring_system epss
scoring_elements 0.53073
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39250
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
5
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
6
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
7
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
8
reference_url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39250
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39250
10
reference_url https://security.gentoo.org/glsa/202210-35
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:35Z/
url https://security.gentoo.org/glsa/202210-35
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
reference_id 1021136
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021136
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135395
reference_id 2135395
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135395
13
reference_url https://github.com/advisories/GHSA-5w8r-8pgj-5jmf
reference_id GHSA-5w8r-8pgj-5jmf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5w8r-8pgj-5jmf
14
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
reference_id mfsa2022-43
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
15
reference_url https://access.redhat.com/errata/RHSA-2022:7178
reference_id RHSA-2022:7178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7178
16
reference_url https://access.redhat.com/errata/RHSA-2022:7181
reference_id RHSA-2022:7181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7181
17
reference_url https://access.redhat.com/errata/RHSA-2022:7182
reference_id RHSA-2022:7182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7182
18
reference_url https://access.redhat.com/errata/RHSA-2022:7183
reference_id RHSA-2022:7183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7183
19
reference_url https://access.redhat.com/errata/RHSA-2022:7184
reference_id RHSA-2022:7184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7184
20
reference_url https://access.redhat.com/errata/RHSA-2022:7190
reference_id RHSA-2022:7190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7190
21
reference_url https://usn.ubuntu.com/5724-1/
reference_id USN-5724-1
reference_type
scores
url https://usn.ubuntu.com/5724-1/
fixed_packages
0
url pkg:npm/matrix-js-sdk@19.7.0
purl pkg:npm/matrix-js-sdk@19.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fmvy-mvvs-h7gw
1
vulnerability VCID-peth-cw2p-z7bj
2
vulnerability VCID-sgju-v2kk-23f9
3
vulnerability VCID-utme-k32f-2bgk
4
vulnerability VCID-uwfk-btzv-8uh5
5
vulnerability VCID-y1pp-ssrh-akg4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@19.7.0
aliases CVE-2022-39250, GHSA-5w8r-8pgj-5jmf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rtku-qch5-jfah
7
url VCID-sgju-v2kk-23f9
vulnerability_id VCID-sgju-v2kk-23f9
summary
matrix-js-sdk will freeze when a user sets a room with itself as its predecessor
A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's `getRoomUpgradeHistory` function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42369
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.42624
published_at 2026-06-07T12:55:00Z
1
value 0.00205
scoring_system epss
scoring_elements 0.42597
published_at 2026-06-09T12:55:00Z
2
value 0.00205
scoring_system epss
scoring_elements 0.42588
published_at 2026-06-08T12:55:00Z
3
value 0.00205
scoring_system epss
scoring_elements 0.42651
published_at 2026-06-06T12:55:00Z
4
value 0.00205
scoring_system epss
scoring_elements 0.4264
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42369
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42369
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42369
2
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
3
reference_url https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:41:11Z/
url https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42369
reference_id CVE-2024-42369
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42369
5
reference_url https://github.com/advisories/GHSA-vhr5-g3pm-49fm
reference_id GHSA-vhr5-g3pm-49fm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vhr5-g3pm-49fm
6
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm
reference_id GHSA-vhr5-g3pm-49fm
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:41:11Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm
fixed_packages
0
url pkg:npm/matrix-js-sdk@34.3.1
purl pkg:npm/matrix-js-sdk@34.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-peth-cw2p-z7bj
1
vulnerability VCID-utme-k32f-2bgk
2
vulnerability VCID-y1pp-ssrh-akg4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@34.3.1
aliases CVE-2024-42369, GHSA-vhr5-g3pm-49fm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgju-v2kk-23f9
8
url VCID-utme-k32f-2bgk
vulnerability_id VCID-utme-k32f-2bgk
summary The Matrix specification requires homeservers to validate the server-name and media-id components of MXC URIs with the intent to prevent path traversal. However, it does not mention that a similar check must also be performed on the client to prevent client-side path traversal. matrix-js-sdk fails to perform this validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50336
reference_id
reference_type
scores
0
value 0.00877
scoring_system epss
scoring_elements 0.75667
published_at 2026-06-08T12:55:00Z
1
value 0.00877
scoring_system epss
scoring_elements 0.75693
published_at 2026-06-09T12:55:00Z
2
value 0.00877
scoring_system epss
scoring_elements 0.75686
published_at 2026-06-05T12:55:00Z
3
value 0.00877
scoring_system epss
scoring_elements 0.75689
published_at 2026-06-06T12:55:00Z
4
value 0.00877
scoring_system epss
scoring_elements 0.75679
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50336
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50336
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50336
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
4
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html
5
reference_url https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T17:11:23Z/
url https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50336
reference_id CVE-2024-50336
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50336
7
reference_url https://github.com/advisories/GHSA-xvg8-m4x3-w6xr
reference_id GHSA-xvg8-m4x3-w6xr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xvg8-m4x3-w6xr
8
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr
reference_id GHSA-xvg8-m4x3-w6xr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T17:11:23Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr
9
reference_url https://security.gentoo.org/glsa/202505-03
reference_id GLSA-202505-03
reference_type
scores
url https://security.gentoo.org/glsa/202505-03
10
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2024-69
reference_id mfsa2024-69
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2024-69
11
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-04
reference_id mfsa2025-04
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-04
12
reference_url https://usn.ubuntu.com/7991-1/
reference_id USN-7991-1
reference_type
scores
url https://usn.ubuntu.com/7991-1/
fixed_packages
0
url pkg:npm/matrix-js-sdk@34.11.1
purl pkg:npm/matrix-js-sdk@34.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-peth-cw2p-z7bj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@34.11.1
aliases CVE-2024-50336, GHSA-xvg8-m4x3-w6xr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utme-k32f-2bgk
9
url VCID-uwfk-btzv-8uh5
vulnerability_id VCID-uwfk-btzv-8uh5
summary
Missing Authorization
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdk's group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user's outbound media in this case. Legacy 1:1 calls are unaffected. This is fixed in matrix-js-sdk 24.1.0. As a workaround, users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29529
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.39983
published_at 2026-06-07T12:55:00Z
1
value 0.00184
scoring_system epss
scoring_elements 0.39973
published_at 2026-06-09T12:55:00Z
2
value 0.00184
scoring_system epss
scoring_elements 0.39956
published_at 2026-06-08T12:55:00Z
3
value 0.00184
scoring_system epss
scoring_elements 0.40011
published_at 2026-06-06T12:55:00Z
4
value 0.00184
scoring_system epss
scoring_elements 0.40008
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29529
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29529
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29529
2
reference_url https://github.com/matrix-org/matrix-js-sdk
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-js-sdk
3
reference_url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v24.1.0
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T18:45:25Z/
url https://github.com/matrix-org/matrix-js-sdk/releases/tag/v24.1.0
4
reference_url https://github.com/matrix-org/matrix-spec-proposals/pull/3401
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T18:45:25Z/
url https://github.com/matrix-org/matrix-spec-proposals/pull/3401
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29529
reference_id CVE-2023-29529
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29529
6
reference_url https://github.com/advisories/GHSA-6g67-q39g-r79q
reference_id GHSA-6g67-q39g-r79q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6g67-q39g-r79q
7
reference_url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6g67-q39g-r79q
reference_id GHSA-6g67-q39g-r79q
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T18:45:25Z/
url https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6g67-q39g-r79q
fixed_packages
0
url pkg:npm/matrix-js-sdk@24.1.0
purl pkg:npm/matrix-js-sdk@24.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-peth-cw2p-z7bj
1
vulnerability VCID-sgju-v2kk-23f9
2
vulnerability VCID-utme-k32f-2bgk
3
vulnerability VCID-y1pp-ssrh-akg4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@24.1.0
aliases CVE-2023-29529, GHSA-6g67-q39g-r79q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwfk-btzv-8uh5
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/matrix-js-sdk@0.6.3