Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/matrix-synapse@1.2.0rc1
Type pypi
Namespace
Name matrix-synapse
Version 1.2.0rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.152.1
Latest_non_vulnerable_version 1.152.1
Affected_by_vulnerabilities
0
url VCID-1xwm-33sy-3qfv
vulnerability_id VCID-1xwm-33sy-3qfv
summary Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45076
reference_id
reference_type
scores
0
value 0.00091
scoring_system epss
scoring_elements 0.25759
published_at 2026-06-11T12:55:00Z
1
value 0.00091
scoring_system epss
scoring_elements 0.25959
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45076
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-194.yaml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-194.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45076
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45076
4
reference_url https://github.com/advisories/GHSA-6qf2-7x63-mm6v
reference_id GHSA-6qf2-7x63-mm6v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qf2-7x63-mm6v
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v
reference_id GHSA-6qf2-7x63-mm6v
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T14:51:22Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v
fixed_packages
0
url pkg:pypi/matrix-synapse@1.152.1
purl pkg:pypi/matrix-synapse@1.152.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.152.1
aliases CVE-2026-45076, GHSA-6qf2-7x63-mm6v, PYSEC-2026-194
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xwm-33sy-3qfv
1
url VCID-27ht-47d2-77f6
vulnerability_id VCID-27ht-47d2-77f6
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31152
reference_id
reference_type
scores
0
value 0.00731
scoring_system epss
scoring_elements 0.73228
published_at 2026-06-12T12:55:00Z
1
value 0.00731
scoring_system epss
scoring_elements 0.73151
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31152
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/d4b1c0d800eaa83c4d56a9cf17881ad362b9194b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/d4b1c0d800eaa83c4d56a9cf17881ad362b9194b
3
reference_url https://github.com/matrix-org/synapse/commit/e16ea87d0f8c4c30cad36f85488eb1f647e640b0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/e16ea87d0f8c4c30cad36f85488eb1f647e640b0
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-262.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-262.yaml
5
reference_url https://github.com/matrix-org/synapse/pull/13087
reference_id 13087
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/pull/13087
6
reference_url https://github.com/matrix-org/synapse/pull/13088
reference_id 13088
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/pull/13088
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31152
reference_id CVE-2022-31152
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31152
8
reference_url https://github.com/advisories/GHSA-jhjh-776m-4765
reference_id GHSA-jhjh-776m-4765
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jhjh-776m-4765
9
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
reference_id GHSA-jhjh-776m-4765
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
10
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.62.0
reference_id v1.62.0
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:29Z/
url https://github.com/matrix-org/synapse/releases/tag/v1.62.0
fixed_packages
0
url pkg:pypi/matrix-synapse@1.62.0rc1
purl pkg:pypi/matrix-synapse@1.62.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-bkk8-srvr-pqfj
9
vulnerability VCID-c1vt-9j6a-b7cr
10
vulnerability VCID-hqwh-2un3-bqd8
11
vulnerability VCID-n8mv-4upg-hfa3
12
vulnerability VCID-p9ck-pwqp-qyc7
13
vulnerability VCID-rcdd-qkxt-nuez
14
vulnerability VCID-s1jf-x5ug-jqcq
15
vulnerability VCID-y6j7-eetd-pkfh
16
vulnerability VCID-yync-gs3f-nyax
17
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.62.0rc1
1
url pkg:pypi/matrix-synapse@1.62.0
purl pkg:pypi/matrix-synapse@1.62.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-8n5g-1zby-77gj
6
vulnerability VCID-9uhc-e3bj-nqg7
7
vulnerability VCID-bkk8-srvr-pqfj
8
vulnerability VCID-c1vt-9j6a-b7cr
9
vulnerability VCID-hqwh-2un3-bqd8
10
vulnerability VCID-n8mv-4upg-hfa3
11
vulnerability VCID-nhzy-spbw-hucj
12
vulnerability VCID-p9ck-pwqp-qyc7
13
vulnerability VCID-rcdd-qkxt-nuez
14
vulnerability VCID-s1jf-x5ug-jqcq
15
vulnerability VCID-y6j7-eetd-pkfh
16
vulnerability VCID-yync-gs3f-nyax
17
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.62.0
aliases CVE-2022-31152, GHSA-jhjh-776m-4765, PYSEC-2022-262
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27ht-47d2-77f6
2
url VCID-2ctw-4fy5-4ufd
vulnerability_id VCID-2ctw-4fy5-4ufd
summary Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31208
reference_id
reference_type
scores
0
value 0.0419
scoring_system epss
scoring_elements 0.8897
published_at 2026-06-11T12:55:00Z
1
value 0.0419
scoring_system epss
scoring_elements 0.89008
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31208
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-50.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-50.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069763
reference_id 1069763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069763
7
reference_url https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
reference_id 55b0aa847a61774b6a3acdc4b177a20dc019f01a
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31208
reference_id CVE-2024-31208
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-31208
9
reference_url https://github.com/advisories/GHSA-3h7q-rfh9-xm4v
reference_id GHSA-3h7q-rfh9-xm4v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3h7q-rfh9-xm4v
10
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
reference_id GHSA-3h7q-rfh9-xm4v
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/
reference_id R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/
reference_id RR53FNHV446CB37TP45GZ6F6HZLZCK3K
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/
13
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
14
reference_url https://github.com/element-hq/synapse/releases/tag/v1.105.1
reference_id v1.105.1
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/releases/tag/v1.105.1
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/
reference_id VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.105.1
purl pkg:pypi/matrix-synapse@1.105.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-3ngy-dt6j-tuef
2
vulnerability VCID-7v7h-zrjj-pkh3
3
vulnerability VCID-c1vt-9j6a-b7cr
4
vulnerability VCID-hqwh-2un3-bqd8
5
vulnerability VCID-n8mv-4upg-hfa3
6
vulnerability VCID-rcdd-qkxt-nuez
7
vulnerability VCID-s1jf-x5ug-jqcq
8
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.105.1
aliases CVE-2024-31208, GHSA-3h7q-rfh9-xm4v, PYSEC-2024-50
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ctw-4fy5-4ufd
3
url VCID-2du1-3n24-rbgx
vulnerability_id VCID-2du1-3n24-rbgx
summary Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user-provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection, server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0, which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21273
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55672
published_at 2026-06-11T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.55791
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21273
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746
3
reference_url https://github.com/matrix-org/synapse/pull/8821
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/8821
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.25.0
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.25.0
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-131.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-131.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21273
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21273
9
reference_url https://github.com/advisories/GHSA-v936-j8gp-9q3p
reference_id GHSA-v936-j8gp-9q3p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v936-j8gp-9q3p
fixed_packages
0
url pkg:pypi/matrix-synapse@1.25.0
purl pkg:pypi/matrix-synapse@1.25.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-4kph-6snj-huhk
5
vulnerability VCID-5h97-3s9w-c3ab
6
vulnerability VCID-7v7h-zrjj-pkh3
7
vulnerability VCID-86br-xun2-gudx
8
vulnerability VCID-8974-zsm2-ybbv
9
vulnerability VCID-8n5g-1zby-77gj
10
vulnerability VCID-9uhc-e3bj-nqg7
11
vulnerability VCID-b2u5-56b4-63ae
12
vulnerability VCID-bkk8-srvr-pqfj
13
vulnerability VCID-c1vt-9j6a-b7cr
14
vulnerability VCID-cjar-y1hc-4ybu
15
vulnerability VCID-dux1-nmrm-xqa1
16
vulnerability VCID-g8ff-1859-ekhm
17
vulnerability VCID-hqwh-2un3-bqd8
18
vulnerability VCID-j879-8928-yyh8
19
vulnerability VCID-n8mv-4upg-hfa3
20
vulnerability VCID-p9ck-pwqp-qyc7
21
vulnerability VCID-rcdd-qkxt-nuez
22
vulnerability VCID-s1jf-x5ug-jqcq
23
vulnerability VCID-sz98-t7z9-bqea
24
vulnerability VCID-v2m6-n5w2-wfc5
25
vulnerability VCID-vns7-ssd1-8bhe
26
vulnerability VCID-y6j7-eetd-pkfh
27
vulnerability VCID-yu4n-aq57-67g5
28
vulnerability VCID-yync-gs3f-nyax
29
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.25.0
aliases CVE-2021-21273, GHSA-v936-j8gp-9q3p, PYSEC-2021-131
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2du1-3n24-rbgx
4
url VCID-3ngy-dt6j-tuef
vulnerability_id VCID-3ngy-dt6j-tuef
summary Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse versions up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30355
reference_id
reference_type
scores
0
value 0.13201
scoring_system epss
scoring_elements 0.94296
published_at 2026-06-11T12:55:00Z
1
value 0.13201
scoring_system epss
scoring_elements 0.94317
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30355
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30355
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30355
3
reference_url https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389
reference_id 2277df2a1eb685f85040ef98fa21d41aa4cdd389
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:47:41Z/
url https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389
4
reference_url https://github.com/advisories/GHSA-v56r-hwv5-mxg6
reference_id GHSA-v56r-hwv5-mxg6
reference_type
scores
url https://github.com/advisories/GHSA-v56r-hwv5-mxg6
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
reference_id GHSA-v56r-hwv5-mxg6
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:47:41Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
6
reference_url https://github.com/element-hq/synapse/releases/tag/v1.127.1
reference_id v1.127.1
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:47:41Z/
url https://github.com/element-hq/synapse/releases/tag/v1.127.1
fixed_packages
0
url pkg:pypi/matrix-synapse@1.127.1
purl pkg:pypi/matrix-synapse@1.127.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-n8mv-4upg-hfa3
2
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.127.1
aliases CVE-2025-30355, GHSA-v56r-hwv5-mxg6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ngy-dt6j-tuef
5
url VCID-4kph-6snj-huhk
vulnerability_id VCID-4kph-6snj-huhk
summary Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory, leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to the referenced GitHub security advisory for additional details, including workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21394
reference_id
reference_type
scores
0
value 0.00519
scoring_system epss
scoring_elements 0.67205
published_at 2026-06-11T12:55:00Z
1
value 0.00519
scoring_system epss
scoring_elements 0.67297
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21394
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/pull/9321
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9321
3
reference_url https://github.com/matrix-org/synapse/pull/9393
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9393
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-27.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-27.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21394
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21394
8
reference_url https://pypi.org/project/matrix-synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/matrix-synapse
9
reference_url https://pypi.org/project/matrix-synapse/
reference_id
reference_type
scores
url https://pypi.org/project/matrix-synapse/
10
reference_url https://github.com/advisories/GHSA-w9fg-xffh-p362
reference_id GHSA-w9fg-xffh-p362
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9fg-xffh-p362
fixed_packages
0
url pkg:pypi/matrix-synapse@1.28.0
purl pkg:pypi/matrix-synapse@1.28.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-86br-xun2-gudx
7
vulnerability VCID-8974-zsm2-ybbv
8
vulnerability VCID-8n5g-1zby-77gj
9
vulnerability VCID-9uhc-e3bj-nqg7
10
vulnerability VCID-b2u5-56b4-63ae
11
vulnerability VCID-bkk8-srvr-pqfj
12
vulnerability VCID-c1vt-9j6a-b7cr
13
vulnerability VCID-dux1-nmrm-xqa1
14
vulnerability VCID-g8ff-1859-ekhm
15
vulnerability VCID-hqwh-2un3-bqd8
16
vulnerability VCID-n8mv-4upg-hfa3
17
vulnerability VCID-p9ck-pwqp-qyc7
18
vulnerability VCID-rcdd-qkxt-nuez
19
vulnerability VCID-s1jf-x5ug-jqcq
20
vulnerability VCID-sz98-t7z9-bqea
21
vulnerability VCID-vns7-ssd1-8bhe
22
vulnerability VCID-y6j7-eetd-pkfh
23
vulnerability VCID-yync-gs3f-nyax
24
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.28.0
aliases CVE-2021-21394, GHSA-w9fg-xffh-p362, PYSEC-2021-27
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kph-6snj-huhk
6
url VCID-5h97-3s9w-c3ab
vulnerability_id VCID-5h97-3s9w-c3ab
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark them as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42453
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32515
published_at 2026-06-12T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32334
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42453
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/63d28a88c1d18c64ea7e23b6dd7483e6d5dcf881
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/63d28a88c1d18c64ea7e23b6dd7483e6d5dcf881
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-180.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-180.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42453
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42453
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053283
reference_id 1053283
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053283
9
reference_url https://github.com/matrix-org/synapse/pull/16327
reference_id 16327
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://github.com/matrix-org/synapse/pull/16327
10
reference_url https://security.gentoo.org/glsa/202401-12
reference_id 202401-12
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://security.gentoo.org/glsa/202401-12
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/
reference_id 2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/
reference_id 65QPC55I4D27HIZP7H2NQ34EOXHPP4AO
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/
13
reference_url https://github.com/advisories/GHSA-7565-cq32-vx2x
reference_id GHSA-7565-cq32-vx2x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7565-cq32-vx2x
14
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
reference_id GHSA-7565-cq32-vx2x
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/
reference_id N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:28:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/
16
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.93.0
purl pkg:pypi/matrix-synapse@1.93.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-7v7h-zrjj-pkh3
4
vulnerability VCID-c1vt-9j6a-b7cr
5
vulnerability VCID-hqwh-2un3-bqd8
6
vulnerability VCID-n8mv-4upg-hfa3
7
vulnerability VCID-rcdd-qkxt-nuez
8
vulnerability VCID-s1jf-x5ug-jqcq
9
vulnerability VCID-y6j7-eetd-pkfh
10
vulnerability VCID-yync-gs3f-nyax
11
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.93.0
aliases CVE-2023-42453, GHSA-7565-cq32-vx2x, PYSEC-2023-180
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5h97-3s9w-c3ab
7
url VCID-6a8s-n8vb-hker
vulnerability_id VCID-6a8s-n8vb-hker
summary denial of service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26257
reference_id
reference_type
scores
0
value 0.0045
scoring_system epss
scoring_elements 0.64075
published_at 2026-06-11T12:55:00Z
1
value 0.0045
scoring_system epss
scoring_elements 0.64178
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26257
1
reference_url https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09
2
reference_url https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b
3
reference_url https://github.com/matrix-org/synapse/pull/8776
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/8776
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-236.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-236.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26257
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26257
11
reference_url https://security.archlinux.org/AVG-1341
reference_id AVG-1341
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1341
12
reference_url https://github.com/advisories/GHSA-hxmp-pqch-c8mm
reference_id GHSA-hxmp-pqch-c8mm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxmp-pqch-c8mm
fixed_packages
0
url pkg:pypi/matrix-synapse@1.23.1
purl pkg:pypi/matrix-synapse@1.23.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-2du1-3n24-rbgx
4
vulnerability VCID-3ngy-dt6j-tuef
5
vulnerability VCID-4kph-6snj-huhk
6
vulnerability VCID-5h97-3s9w-c3ab
7
vulnerability VCID-7v7h-zrjj-pkh3
8
vulnerability VCID-86br-xun2-gudx
9
vulnerability VCID-8974-zsm2-ybbv
10
vulnerability VCID-8n5g-1zby-77gj
11
vulnerability VCID-9uhc-e3bj-nqg7
12
vulnerability VCID-ahwq-36cc-pqhn
13
vulnerability VCID-b2u5-56b4-63ae
14
vulnerability VCID-bkk8-srvr-pqfj
15
vulnerability VCID-c1vt-9j6a-b7cr
16
vulnerability VCID-cjar-y1hc-4ybu
17
vulnerability VCID-dux1-nmrm-xqa1
18
vulnerability VCID-g8ff-1859-ekhm
19
vulnerability VCID-hqwh-2un3-bqd8
20
vulnerability VCID-j879-8928-yyh8
21
vulnerability VCID-n8mv-4upg-hfa3
22
vulnerability VCID-p9ck-pwqp-qyc7
23
vulnerability VCID-rcdd-qkxt-nuez
24
vulnerability VCID-s1jf-x5ug-jqcq
25
vulnerability VCID-sz98-t7z9-bqea
26
vulnerability VCID-v2m6-n5w2-wfc5
27
vulnerability VCID-vns7-ssd1-8bhe
28
vulnerability VCID-y6j7-eetd-pkfh
29
vulnerability VCID-yu4n-aq57-67g5
30
vulnerability VCID-yync-gs3f-nyax
31
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.23.1
1
url pkg:pypi/matrix-synapse@1.24.0rc1
purl pkg:pypi/matrix-synapse@1.24.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-2du1-3n24-rbgx
4
vulnerability VCID-3ngy-dt6j-tuef
5
vulnerability VCID-4kph-6snj-huhk
6
vulnerability VCID-5h97-3s9w-c3ab
7
vulnerability VCID-7v7h-zrjj-pkh3
8
vulnerability VCID-86br-xun2-gudx
9
vulnerability VCID-8974-zsm2-ybbv
10
vulnerability VCID-8n5g-1zby-77gj
11
vulnerability VCID-9uhc-e3bj-nqg7
12
vulnerability VCID-ahwq-36cc-pqhn
13
vulnerability VCID-b2u5-56b4-63ae
14
vulnerability VCID-bkk8-srvr-pqfj
15
vulnerability VCID-c1vt-9j6a-b7cr
16
vulnerability VCID-cjar-y1hc-4ybu
17
vulnerability VCID-dux1-nmrm-xqa1
18
vulnerability VCID-g8ff-1859-ekhm
19
vulnerability VCID-hqwh-2un3-bqd8
20
vulnerability VCID-j879-8928-yyh8
21
vulnerability VCID-n8mv-4upg-hfa3
22
vulnerability VCID-p9ck-pwqp-qyc7
23
vulnerability VCID-rcdd-qkxt-nuez
24
vulnerability VCID-s1jf-x5ug-jqcq
25
vulnerability VCID-sz98-t7z9-bqea
26
vulnerability VCID-v2m6-n5w2-wfc5
27
vulnerability VCID-vns7-ssd1-8bhe
28
vulnerability VCID-y6j7-eetd-pkfh
29
vulnerability VCID-yu4n-aq57-67g5
30
vulnerability VCID-yync-gs3f-nyax
31
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.24.0rc1
aliases CVE-2020-26257, GHSA-hxmp-pqch-c8mm, PYSEC-2020-236
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6a8s-n8vb-hker
8
url VCID-7v7h-zrjj-pkh3
vulnerability_id VCID-7v7h-zrjj-pkh3
summary Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to complete unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37302
reference_id
reference_type
scores
0
value 0.00568
scoring_system epss
scoring_elements 0.69089
published_at 2026-06-12T12:55:00Z
1
value 0.00568
scoring_system epss
scoring_elements 0.68997
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37302
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-286.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-286.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37302
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37302
4
reference_url https://github.com/advisories/GHSA-4mhg-xv73-xq2x
reference_id GHSA-4mhg-xv73-xq2x
reference_type
scores
url https://github.com/advisories/GHSA-4mhg-xv73-xq2x
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
reference_id GHSA-4mhg-xv73-xq2x
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:55:21Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
fixed_packages
0
url pkg:pypi/matrix-synapse@1.106
purl pkg:pypi/matrix-synapse@1.106
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106
1
url pkg:pypi/matrix-synapse@1.106.0
purl pkg:pypi/matrix-synapse@1.106.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-3ngy-dt6j-tuef
2
vulnerability VCID-hqwh-2un3-bqd8
3
vulnerability VCID-n8mv-4upg-hfa3
4
vulnerability VCID-rcdd-qkxt-nuez
5
vulnerability VCID-s1jf-x5ug-jqcq
6
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106.0
aliases CVE-2024-37302, GHSA-4mhg-xv73-xq2x, PYSEC-2024-286
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v7h-zrjj-pkh3
9
url VCID-86br-xun2-gudx
vulnerability_id VCID-86br-xun2-gudx
summary denial of service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29471
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56902
published_at 2026-06-11T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.57023
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29471
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.33.2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.33.2
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-135.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-135.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29471
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29471
8
reference_url https://security.archlinux.org/ASA-202105-19
reference_id ASA-202105-19
reference_type
scores
url https://security.archlinux.org/ASA-202105-19
9
reference_url https://security.archlinux.org/AVG-1943
reference_id AVG-1943
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1943
10
reference_url https://github.com/advisories/GHSA-x345-32rc-8h85
reference_id GHSA-x345-32rc-8h85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x345-32rc-8h85
fixed_packages
0
url pkg:pypi/matrix-synapse@1.33.2
purl pkg:pypi/matrix-synapse@1.33.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-b2u5-56b4-63ae
9
vulnerability VCID-bkk8-srvr-pqfj
10
vulnerability VCID-c1vt-9j6a-b7cr
11
vulnerability VCID-dux1-nmrm-xqa1
12
vulnerability VCID-g8ff-1859-ekhm
13
vulnerability VCID-hqwh-2un3-bqd8
14
vulnerability VCID-n8mv-4upg-hfa3
15
vulnerability VCID-p9ck-pwqp-qyc7
16
vulnerability VCID-rcdd-qkxt-nuez
17
vulnerability VCID-s1jf-x5ug-jqcq
18
vulnerability VCID-sz98-t7z9-bqea
19
vulnerability VCID-vns7-ssd1-8bhe
20
vulnerability VCID-y6j7-eetd-pkfh
21
vulnerability VCID-yync-gs3f-nyax
22
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.33.2
aliases CVE-2021-29471, GHSA-x345-32rc-8h85, PYSEC-2021-135
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86br-xun2-gudx
10
url VCID-8974-zsm2-ybbv
vulnerability_id VCID-8974-zsm2-ybbv
summary
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
### Impact
Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.

### Patches
The issue is fixed by https://github.com/matrix-org/synapse/pull/9855.

### Workarounds
There are no known workarounds.

### References
n/a

### For more information
If you have any questions or comments about this advisory, email us at security@matrix.org.
references
0
reference_url https://github.com/matrix-org/synapse/pull/9855
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9855
1
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-7h5v-85w9-pq6c
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-7h5v-85w9-pq6c
2
reference_url https://github.com/advisories/GHSA-7h5v-85w9-pq6c
reference_id GHSA-7h5v-85w9-pq6c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h5v-85w9-pq6c
fixed_packages
0
url pkg:pypi/matrix-synapse@1.33.0
purl pkg:pypi/matrix-synapse@1.33.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-86br-xun2-gudx
7
vulnerability VCID-8n5g-1zby-77gj
8
vulnerability VCID-9uhc-e3bj-nqg7
9
vulnerability VCID-b2u5-56b4-63ae
10
vulnerability VCID-bkk8-srvr-pqfj
11
vulnerability VCID-c1vt-9j6a-b7cr
12
vulnerability VCID-dux1-nmrm-xqa1
13
vulnerability VCID-g8ff-1859-ekhm
14
vulnerability VCID-hqwh-2un3-bqd8
15
vulnerability VCID-n8mv-4upg-hfa3
16
vulnerability VCID-p9ck-pwqp-qyc7
17
vulnerability VCID-rcdd-qkxt-nuez
18
vulnerability VCID-s1jf-x5ug-jqcq
19
vulnerability VCID-sz98-t7z9-bqea
20
vulnerability VCID-vns7-ssd1-8bhe
21
vulnerability VCID-y6j7-eetd-pkfh
22
vulnerability VCID-yync-gs3f-nyax
23
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.33.0
aliases GHSA-7h5v-85w9-pq6c, GMS-2021-169
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8974-zsm2-ybbv
11
url VCID-8n5g-1zby-77gj
vulnerability_id VCID-8n5g-1zby-77gj
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32323
reference_id
reference_type
scores
0
value 0.00142
scoring_system epss
scoring_elements 0.34178
published_at 2026-06-11T12:55:00Z
1
value 0.00142
scoring_system epss
scoring_elements 0.34356
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32323
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-67.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-67.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32323
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32323
5
reference_url https://github.com/matrix-org/synapse/issues/14492
reference_id 14492
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://github.com/matrix-org/synapse/issues/14492
6
reference_url https://github.com/matrix-org/synapse/pull/14642
reference_id 14642
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://github.com/matrix-org/synapse/pull/14642
7
reference_url https://github.com/advisories/GHSA-f3wc-3vxv-xmvr
reference_id GHSA-f3wc-3vxv-xmvr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3wc-3vxv-xmvr
8
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr
reference_id GHSA-f3wc-3vxv-xmvr
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/
reference_id UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:00:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.74.0
purl pkg:pypi/matrix-synapse@1.74.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-bkk8-srvr-pqfj
6
vulnerability VCID-c1vt-9j6a-b7cr
7
vulnerability VCID-hqwh-2un3-bqd8
8
vulnerability VCID-husr-u735-97hh
9
vulnerability VCID-n8mv-4upg-hfa3
10
vulnerability VCID-p9ck-pwqp-qyc7
11
vulnerability VCID-rcdd-qkxt-nuez
12
vulnerability VCID-s1jf-x5ug-jqcq
13
vulnerability VCID-y6j7-eetd-pkfh
14
vulnerability VCID-yync-gs3f-nyax
15
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.74.0
aliases CVE-2023-32323, GHSA-f3wc-3vxv-xmvr, PYSEC-2023-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8n5g-1zby-77gj
12
url VCID-9uhc-e3bj-nqg7
vulnerability_id VCID-9uhc-e3bj-nqg7
summary Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39335
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33519
published_at 2026-06-11T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33699
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39335
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-65.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-65.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39335
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39335
5
reference_url https://github.com/matrix-org/synapse/issues/13288
reference_id 13288
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://github.com/matrix-org/synapse/issues/13288
6
reference_url https://github.com/matrix-org/synapse/pull/13823
reference_id 13823
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://github.com/matrix-org/synapse/pull/13823
7
reference_url https://github.com/advisories/GHSA-45cj-f97f-ggwv
reference_id GHSA-45cj-f97f-ggwv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45cj-f97f-ggwv
8
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
reference_id GHSA-45cj-f97f-ggwv
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS/
reference_id T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:45:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS/
10
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.69.0
purl pkg:pypi/matrix-synapse@1.69.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-8n5g-1zby-77gj
6
vulnerability VCID-bkk8-srvr-pqfj
7
vulnerability VCID-c1vt-9j6a-b7cr
8
vulnerability VCID-hqwh-2un3-bqd8
9
vulnerability VCID-husr-u735-97hh
10
vulnerability VCID-n8mv-4upg-hfa3
11
vulnerability VCID-p9ck-pwqp-qyc7
12
vulnerability VCID-rcdd-qkxt-nuez
13
vulnerability VCID-s1jf-x5ug-jqcq
14
vulnerability VCID-y6j7-eetd-pkfh
15
vulnerability VCID-yync-gs3f-nyax
16
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.69.0
aliases CVE-2022-39335, GHSA-45cj-f97f-ggwv, PYSEC-2023-65
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uhc-e3bj-nqg7
13
url VCID-ahwq-36cc-pqhn
vulnerability_id VCID-ahwq-36cc-pqhn
summary Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial-of-service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. The issue is resolved in version 1.25.0. As a workaround, the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21274
reference_id
reference_type
scores
0
value 0.00446
scoring_system epss
scoring_elements 0.63897
published_at 2026-06-11T12:55:00Z
1
value 0.00446
scoring_system epss
scoring_elements 0.63999
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21274
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6
3
reference_url https://github.com/matrix-org/synapse/pull/8950
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/8950
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.25.0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.25.0
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-132.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-132.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21274
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21274
9
reference_url https://github.com/advisories/GHSA-2hwx-mjrm-v3g8
reference_id GHSA-2hwx-mjrm-v3g8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hwx-mjrm-v3g8
fixed_packages
0
url pkg:pypi/matrix-synapse@1.25.0
purl pkg:pypi/matrix-synapse@1.25.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-4kph-6snj-huhk
5
vulnerability VCID-5h97-3s9w-c3ab
6
vulnerability VCID-7v7h-zrjj-pkh3
7
vulnerability VCID-86br-xun2-gudx
8
vulnerability VCID-8974-zsm2-ybbv
9
vulnerability VCID-8n5g-1zby-77gj
10
vulnerability VCID-9uhc-e3bj-nqg7
11
vulnerability VCID-b2u5-56b4-63ae
12
vulnerability VCID-bkk8-srvr-pqfj
13
vulnerability VCID-c1vt-9j6a-b7cr
14
vulnerability VCID-cjar-y1hc-4ybu
15
vulnerability VCID-dux1-nmrm-xqa1
16
vulnerability VCID-g8ff-1859-ekhm
17
vulnerability VCID-hqwh-2un3-bqd8
18
vulnerability VCID-j879-8928-yyh8
19
vulnerability VCID-n8mv-4upg-hfa3
20
vulnerability VCID-p9ck-pwqp-qyc7
21
vulnerability VCID-rcdd-qkxt-nuez
22
vulnerability VCID-s1jf-x5ug-jqcq
23
vulnerability VCID-sz98-t7z9-bqea
24
vulnerability VCID-v2m6-n5w2-wfc5
25
vulnerability VCID-vns7-ssd1-8bhe
26
vulnerability VCID-y6j7-eetd-pkfh
27
vulnerability VCID-yu4n-aq57-67g5
28
vulnerability VCID-yync-gs3f-nyax
29
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.25.0
aliases CVE-2021-21274, GHSA-2hwx-mjrm-v3g8, PYSEC-2021-132
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahwq-36cc-pqhn
14
url VCID-b2u5-56b4-63ae
vulnerability_id VCID-b2u5-56b4-63ae
summary directory traversal
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41281
reference_id
reference_type
scores
0
value 0.00545
scoring_system epss
scoring_elements 0.68239
published_at 2026-06-11T12:55:00Z
1
value 0.00545
scoring_system epss
scoring_elements 0.68327
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41281
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/91f2bd090
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/91f2bd090
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.47.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.47.1
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-436.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-436.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000451
reference_id 1000451
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000451
8
reference_url https://security.archlinux.org/AVG-2581
reference_id AVG-2581
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2581
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41281
reference_id CVE-2021-41281
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41281
10
reference_url https://github.com/advisories/GHSA-3hfw-x7gx-437c
reference_id GHSA-3hfw-x7gx-437c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3hfw-x7gx-437c
11
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
reference_id GHSA-3hfw-x7gx-437c
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
fixed_packages
0
url pkg:pypi/matrix-synapse@1.47.1
purl pkg:pypi/matrix-synapse@1.47.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-bkk8-srvr-pqfj
9
vulnerability VCID-c1vt-9j6a-b7cr
10
vulnerability VCID-g8ff-1859-ekhm
11
vulnerability VCID-hqwh-2un3-bqd8
12
vulnerability VCID-n8mv-4upg-hfa3
13
vulnerability VCID-p9ck-pwqp-qyc7
14
vulnerability VCID-rcdd-qkxt-nuez
15
vulnerability VCID-s1jf-x5ug-jqcq
16
vulnerability VCID-sz98-t7z9-bqea
17
vulnerability VCID-y6j7-eetd-pkfh
18
vulnerability VCID-yync-gs3f-nyax
19
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.47.1
aliases CVE-2021-41281, GHSA-3hfw-x7gx-437c, PYSEC-2021-436
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2u5-56b4-63ae
15
url VCID-bkk8-srvr-pqfj
vulnerability_id VCID-bkk8-srvr-pqfj
summary Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to log in when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32682
reference_id
reference_type
scores
0
value 0.00956
scoring_system epss
scoring_elements 0.76937
published_at 2026-06-12T12:55:00Z
1
value 0.00956
scoring_system epss
scoring_elements 0.76866
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32682
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/issues/12274
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/issues/12274
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-84.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-84.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32682
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32682
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
reference_id 1037207
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
8
reference_url https://github.com/matrix-org/synapse/pull/15624
reference_id 15624
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://github.com/matrix-org/synapse/pull/15624
9
reference_url https://github.com/matrix-org/synapse/pull/15634
reference_id 15634
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://github.com/matrix-org/synapse/pull/15634
10
reference_url https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
reference_id config_documentation.html#password_config
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config
11
reference_url https://github.com/advisories/GHSA-26c5-ppr8-f33p
reference_id GHSA-26c5-ppr8-f33p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-26c5-ppr8-f33p
12
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p
reference_id GHSA-26c5-ppr8-f33p
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p
13
reference_url https://matrix-org.github.io/synapse/latest/jwt.html
reference_id jwt.html
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://matrix-org.github.io/synapse/latest/jwt.html
14
reference_url https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account
reference_id user_admin_api.html#create-or-modify-account
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
reference_id X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:28:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.85.0
purl pkg:pypi/matrix-synapse@1.85.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-c1vt-9j6a-b7cr
6
vulnerability VCID-hqwh-2un3-bqd8
7
vulnerability VCID-husr-u735-97hh
8
vulnerability VCID-n8mv-4upg-hfa3
9
vulnerability VCID-rcdd-qkxt-nuez
10
vulnerability VCID-s1jf-x5ug-jqcq
11
vulnerability VCID-y6j7-eetd-pkfh
12
vulnerability VCID-yync-gs3f-nyax
13
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.85.0
aliases CVE-2023-32682, GHSA-26c5-ppr8-f33p, PYSEC-2023-84
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bkk8-srvr-pqfj
16
url VCID-c1vt-9j6a-b7cr
vulnerability_id VCID-c1vt-9j6a-b7cr
summary Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37303
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.57331
published_at 2026-06-12T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.57213
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37303
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-287.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-287.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37303
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37303
4
reference_url https://github.com/matrix-org/matrix-spec-proposals/pull/3916
reference_id 3916
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:49:29Z/
url https://github.com/matrix-org/matrix-spec-proposals/pull/3916
5
reference_url https://github.com/advisories/GHSA-gjgr-7834-rhxr
reference_id GHSA-gjgr-7834-rhxr
reference_type
scores
url https://github.com/advisories/GHSA-gjgr-7834-rhxr
6
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
reference_id GHSA-gjgr-7834-rhxr
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:49:29Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
fixed_packages
0
url pkg:pypi/matrix-synapse@1.106
purl pkg:pypi/matrix-synapse@1.106
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106
1
url pkg:pypi/matrix-synapse@1.106.0
purl pkg:pypi/matrix-synapse@1.106.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-3ngy-dt6j-tuef
2
vulnerability VCID-hqwh-2un3-bqd8
3
vulnerability VCID-n8mv-4upg-hfa3
4
vulnerability VCID-rcdd-qkxt-nuez
5
vulnerability VCID-s1jf-x5ug-jqcq
6
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106.0
aliases CVE-2024-37303, GHSA-gjgr-7834-rhxr, PYSEC-2024-287
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1vt-9j6a-b7cr
17
url VCID-cdnv-apfv-nuf8
vulnerability_id VCID-cdnv-apfv-nuf8
summary denial of service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26890
reference_id
reference_type
scores
0
value 0.00572
scoring_system epss
scoring_elements 0.69256
published_at 2026-06-12T12:55:00Z
1
value 0.00572
scoring_system epss
scoring_elements 0.69163
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26890
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-237.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-237.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26890
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26890
9
reference_url https://pypi.org/project/matrix-synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/matrix-synapse
10
reference_url https://security.archlinux.org/ASA-202011-23
reference_id ASA-202011-23
reference_type
scores
url https://security.archlinux.org/ASA-202011-23
11
reference_url https://security.archlinux.org/AVG-1296
reference_id AVG-1296
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1296
12
reference_url https://github.com/advisories/GHSA-4mp3-385r-v63f
reference_id GHSA-4mp3-385r-v63f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4mp3-385r-v63f
fixed_packages
0
url pkg:pypi/matrix-synapse@1.20.0
purl pkg:pypi/matrix-synapse@1.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-2du1-3n24-rbgx
4
vulnerability VCID-3ngy-dt6j-tuef
5
vulnerability VCID-4kph-6snj-huhk
6
vulnerability VCID-5h97-3s9w-c3ab
7
vulnerability VCID-6a8s-n8vb-hker
8
vulnerability VCID-7v7h-zrjj-pkh3
9
vulnerability VCID-86br-xun2-gudx
10
vulnerability VCID-8974-zsm2-ybbv
11
vulnerability VCID-8n5g-1zby-77gj
12
vulnerability VCID-9uhc-e3bj-nqg7
13
vulnerability VCID-ahwq-36cc-pqhn
14
vulnerability VCID-b2u5-56b4-63ae
15
vulnerability VCID-bkk8-srvr-pqfj
16
vulnerability VCID-c1vt-9j6a-b7cr
17
vulnerability VCID-cjar-y1hc-4ybu
18
vulnerability VCID-dux1-nmrm-xqa1
19
vulnerability VCID-g8ff-1859-ekhm
20
vulnerability VCID-hqwh-2un3-bqd8
21
vulnerability VCID-j879-8928-yyh8
22
vulnerability VCID-n8mv-4upg-hfa3
23
vulnerability VCID-p9ck-pwqp-qyc7
24
vulnerability VCID-rcdd-qkxt-nuez
25
vulnerability VCID-s1jf-x5ug-jqcq
26
vulnerability VCID-sz98-t7z9-bqea
27
vulnerability VCID-v2m6-n5w2-wfc5
28
vulnerability VCID-vns7-ssd1-8bhe
29
vulnerability VCID-y6j7-eetd-pkfh
30
vulnerability VCID-ygy4-xzjr-2fdc
31
vulnerability VCID-yu4n-aq57-67g5
32
vulnerability VCID-yync-gs3f-nyax
33
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.20.0
aliases CVE-2020-26890, GHSA-4mp3-385r-v63f, PYSEC-2020-237
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdnv-apfv-nuf8
18
url VCID-cjar-y1hc-4ybu
vulnerability_id VCID-cjar-y1hc-4ybu
summary Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user-provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21392
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.42051
published_at 2026-06-11T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42215
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21392
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/4ca054a4eaa714d0befb4fc30b19a1131e52c9cc
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/4ca054a4eaa714d0befb4fc30b19a1131e52c9cc
3
reference_url https://github.com/matrix-org/synapse/pull/9240
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9240
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-25.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-25.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21392
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21392
8
reference_url https://pypi.org/project/matrix-synapse
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/matrix-synapse
9
reference_url https://pypi.org/project/matrix-synapse/
reference_id
reference_type
scores
url https://pypi.org/project/matrix-synapse/
10
reference_url https://github.com/advisories/GHSA-5wrh-4jwv-5w78
reference_id GHSA-5wrh-4jwv-5w78
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5wrh-4jwv-5w78
fixed_packages
0
url pkg:pypi/matrix-synapse@1.28.0rc1
purl pkg:pypi/matrix-synapse@1.28.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-4kph-6snj-huhk
5
vulnerability VCID-5h97-3s9w-c3ab
6
vulnerability VCID-7v7h-zrjj-pkh3
7
vulnerability VCID-86br-xun2-gudx
8
vulnerability VCID-8974-zsm2-ybbv
9
vulnerability VCID-8n5g-1zby-77gj
10
vulnerability VCID-9uhc-e3bj-nqg7
11
vulnerability VCID-b2u5-56b4-63ae
12
vulnerability VCID-bkk8-srvr-pqfj
13
vulnerability VCID-c1vt-9j6a-b7cr
14
vulnerability VCID-cjar-y1hc-4ybu
15
vulnerability VCID-dux1-nmrm-xqa1
16
vulnerability VCID-g8ff-1859-ekhm
17
vulnerability VCID-hqwh-2un3-bqd8
18
vulnerability VCID-j879-8928-yyh8
19
vulnerability VCID-n8mv-4upg-hfa3
20
vulnerability VCID-p9ck-pwqp-qyc7
21
vulnerability VCID-rcdd-qkxt-nuez
22
vulnerability VCID-s1jf-x5ug-jqcq
23
vulnerability VCID-sz98-t7z9-bqea
24
vulnerability VCID-vns7-ssd1-8bhe
25
vulnerability VCID-y6j7-eetd-pkfh
26
vulnerability VCID-yync-gs3f-nyax
27
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.28.0rc1
1
url pkg:pypi/matrix-synapse@1.28.0
purl pkg:pypi/matrix-synapse@1.28.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-86br-xun2-gudx
7
vulnerability VCID-8974-zsm2-ybbv
8
vulnerability VCID-8n5g-1zby-77gj
9
vulnerability VCID-9uhc-e3bj-nqg7
10
vulnerability VCID-b2u5-56b4-63ae
11
vulnerability VCID-bkk8-srvr-pqfj
12
vulnerability VCID-c1vt-9j6a-b7cr
13
vulnerability VCID-dux1-nmrm-xqa1
14
vulnerability VCID-g8ff-1859-ekhm
15
vulnerability VCID-hqwh-2un3-bqd8
16
vulnerability VCID-n8mv-4upg-hfa3
17
vulnerability VCID-p9ck-pwqp-qyc7
18
vulnerability VCID-rcdd-qkxt-nuez
19
vulnerability VCID-s1jf-x5ug-jqcq
20
vulnerability VCID-sz98-t7z9-bqea
21
vulnerability VCID-vns7-ssd1-8bhe
22
vulnerability VCID-y6j7-eetd-pkfh
23
vulnerability VCID-yync-gs3f-nyax
24
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.28.0
aliases CVE-2021-21392, GHSA-5wrh-4jwv-5w78, PYSEC-2021-25
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjar-y1hc-4ybu
19
url VCID-dux1-nmrm-xqa1
vulnerability_id VCID-dux1-nmrm-xqa1
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39164
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50996
published_at 2026-06-12T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50863
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39164
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/cb35df940a
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/cb35df940a
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-425.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-425.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39164
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39164
11
reference_url https://security.archlinux.org/AVG-2334
reference_id AVG-2334
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2334
12
reference_url https://github.com/advisories/GHSA-3x4c-pq33-4w3q
reference_id GHSA-3x4c-pq33-4w3q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x4c-pq33-4w3q
fixed_packages
0
url pkg:pypi/matrix-synapse@1.41.1
purl pkg:pypi/matrix-synapse@1.41.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-b2u5-56b4-63ae
9
vulnerability VCID-bkk8-srvr-pqfj
10
vulnerability VCID-c1vt-9j6a-b7cr
11
vulnerability VCID-g8ff-1859-ekhm
12
vulnerability VCID-hqwh-2un3-bqd8
13
vulnerability VCID-n8mv-4upg-hfa3
14
vulnerability VCID-p9ck-pwqp-qyc7
15
vulnerability VCID-rcdd-qkxt-nuez
16
vulnerability VCID-s1jf-x5ug-jqcq
17
vulnerability VCID-sz98-t7z9-bqea
18
vulnerability VCID-y6j7-eetd-pkfh
19
vulnerability VCID-yync-gs3f-nyax
20
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.41.1
aliases CVE-2021-39164, GHSA-3x4c-pq33-4w3q, PYSEC-2021-425
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dux1-nmrm-xqa1
20
url VCID-g8ff-1859-ekhm
vulnerability_id VCID-g8ff-1859-ekhm
summary Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31052
reference_id
reference_type
scores
0
value 0.00376
scoring_system epss
scoring_elements 0.596
published_at 2026-06-11T12:55:00Z
1
value 0.00376
scoring_system epss
scoring_elements 0.59708
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31052
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-224.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-224.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
reference_id 7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31052
reference_id CVE-2022-31052
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31052
9
reference_url https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
reference_id fa1308061802ac7b7d20e954ba7372c5ac292333
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
10
reference_url https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url
reference_id #get_matrixmediav3preview_url
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url
11
reference_url https://github.com/advisories/GHSA-22p3-qrh9-cx32
reference_id GHSA-22p3-qrh9-cx32
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22p3-qrh9-cx32
12
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
reference_id GHSA-22p3-qrh9-cx32
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
reference_id QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:10Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.61.1
purl pkg:pypi/matrix-synapse@1.61.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-bkk8-srvr-pqfj
9
vulnerability VCID-c1vt-9j6a-b7cr
10
vulnerability VCID-hqwh-2un3-bqd8
11
vulnerability VCID-n8mv-4upg-hfa3
12
vulnerability VCID-p9ck-pwqp-qyc7
13
vulnerability VCID-rcdd-qkxt-nuez
14
vulnerability VCID-s1jf-x5ug-jqcq
15
vulnerability VCID-y6j7-eetd-pkfh
16
vulnerability VCID-yync-gs3f-nyax
17
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.61.1
aliases CVE-2022-31052, GHSA-22p3-qrh9-cx32, PYSEC-2022-224
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ff-1859-ekhm
21
url VCID-hjuv-5rpx-hfe3
vulnerability_id VCID-hjuv-5rpx-hfe3
summary Improper Verification of Cryptographic Signature in matrix-synapse
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18835
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.41074
published_at 2026-06-12T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.40908
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18835
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/172f264ed38e8bef857552f93114b4ee113a880b
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/172f264ed38e8bef857552f93114b4ee113a880b
3
reference_url https://github.com/matrix-org/synapse/pull/6262
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/6262
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.5.0
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.5.0
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2019-186.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2019-186.yaml
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944355
reference_id 944355
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944355
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18835
reference_id CVE-2019-18835
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18835
8
reference_url https://github.com/advisories/GHSA-cppw-2mf8-qpm5
reference_id GHSA-cppw-2mf8-qpm5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cppw-2mf8-qpm5
9
reference_url https://usn.ubuntu.com/6076-1/
reference_id USN-6076-1
reference_type
scores
url https://usn.ubuntu.com/6076-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.5.0
purl pkg:pypi/matrix-synapse@1.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-2du1-3n24-rbgx
4
vulnerability VCID-3ngy-dt6j-tuef
5
vulnerability VCID-4kph-6snj-huhk
6
vulnerability VCID-5h97-3s9w-c3ab
7
vulnerability VCID-6a8s-n8vb-hker
8
vulnerability VCID-7v7h-zrjj-pkh3
9
vulnerability VCID-86br-xun2-gudx
10
vulnerability VCID-8974-zsm2-ybbv
11
vulnerability VCID-8n5g-1zby-77gj
12
vulnerability VCID-9uhc-e3bj-nqg7
13
vulnerability VCID-ahwq-36cc-pqhn
14
vulnerability VCID-b2u5-56b4-63ae
15
vulnerability VCID-bkk8-srvr-pqfj
16
vulnerability VCID-c1vt-9j6a-b7cr
17
vulnerability VCID-cdnv-apfv-nuf8
18
vulnerability VCID-cjar-y1hc-4ybu
19
vulnerability VCID-dux1-nmrm-xqa1
20
vulnerability VCID-g8ff-1859-ekhm
21
vulnerability VCID-hqwh-2un3-bqd8
22
vulnerability VCID-j879-8928-yyh8
23
vulnerability VCID-n8mv-4upg-hfa3
24
vulnerability VCID-p9ck-pwqp-qyc7
25
vulnerability VCID-rcdd-qkxt-nuez
26
vulnerability VCID-s1jf-x5ug-jqcq
27
vulnerability VCID-sz98-t7z9-bqea
28
vulnerability VCID-v2m6-n5w2-wfc5
29
vulnerability VCID-vns7-ssd1-8bhe
30
vulnerability VCID-y6j7-eetd-pkfh
31
vulnerability VCID-ygy4-xzjr-2fdc
32
vulnerability VCID-yu4n-aq57-67g5
33
vulnerability VCID-yync-gs3f-nyax
34
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.5.0
aliases CVE-2019-18835, GHSA-cppw-2mf8-qpm5, PYSEC-2019-186
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjuv-5rpx-hfe3
22
url VCID-hqwh-2un3-bqd8
vulnerability_id VCID-hqwh-2un3-bqd8
summary Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52815
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.5808
published_at 2026-06-11T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.58194
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52815
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52815
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52815
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
reference_id GHSA-f3r3-h2mq-hx2h
reference_type
scores
url https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
reference_id GHSA-f3r3-h2mq-hx2h
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:05:32Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
fixed_packages
0
url pkg:pypi/matrix-synapse@1.120.1
purl pkg:pypi/matrix-synapse@1.120.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.120.1
aliases CVE-2024-52815, GHSA-f3r3-h2mq-hx2h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqwh-2un3-bqd8
23
url VCID-j879-8928-yyh8
vulnerability_id VCID-j879-8928-yyh8
summary Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory, leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to the referenced GitHub security advisory for additional details, including workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21393
reference_id
reference_type
scores
0
value 0.00548
scoring_system epss
scoring_elements 0.68353
published_at 2026-06-11T12:55:00Z
1
value 0.00548
scoring_system epss
scoring_elements 0.68442
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21393
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/3f58fc848d0002de4605bed91603a1f9f245d128
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/3f58fc848d0002de4605bed91603a1f9f245d128
3
reference_url https://github.com/matrix-org/synapse/commit/d2f0ec12d5c8f113095408888e87e191ac546499
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/d2f0ec12d5c8f113095408888e87e191ac546499
4
reference_url https://github.com/matrix-org/synapse/pull/9321
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9321
5
reference_url https://github.com/matrix-org/synapse/pull/9393
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9393
6
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-26.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-26.yaml
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21393
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21393
10
reference_url https://pypi.org/project/matrix-synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/matrix-synapse
11
reference_url https://pypi.org/project/matrix-synapse/
reference_id
reference_type
scores
url https://pypi.org/project/matrix-synapse/
12
reference_url https://github.com/advisories/GHSA-jrh7-mhhx-6h88
reference_id GHSA-jrh7-mhhx-6h88
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jrh7-mhhx-6h88
fixed_packages
0
url pkg:pypi/matrix-synapse@1.28.0
purl pkg:pypi/matrix-synapse@1.28.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-86br-xun2-gudx
7
vulnerability VCID-8974-zsm2-ybbv
8
vulnerability VCID-8n5g-1zby-77gj
9
vulnerability VCID-9uhc-e3bj-nqg7
10
vulnerability VCID-b2u5-56b4-63ae
11
vulnerability VCID-bkk8-srvr-pqfj
12
vulnerability VCID-c1vt-9j6a-b7cr
13
vulnerability VCID-dux1-nmrm-xqa1
14
vulnerability VCID-g8ff-1859-ekhm
15
vulnerability VCID-hqwh-2un3-bqd8
16
vulnerability VCID-n8mv-4upg-hfa3
17
vulnerability VCID-p9ck-pwqp-qyc7
18
vulnerability VCID-rcdd-qkxt-nuez
19
vulnerability VCID-s1jf-x5ug-jqcq
20
vulnerability VCID-sz98-t7z9-bqea
21
vulnerability VCID-vns7-ssd1-8bhe
22
vulnerability VCID-y6j7-eetd-pkfh
23
vulnerability VCID-yync-gs3f-nyax
24
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.28.0
aliases CVE-2021-21393, GHSA-jrh7-mhhx-6h88, PYSEC-2021-26
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j879-8928-yyh8
24
url VCID-n8mv-4upg-hfa3
vulnerability_id VCID-n8mv-4upg-hfa3
summary Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45078
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02905
published_at 2026-06-12T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02895
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45078
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/element-hq/synapse/commit/3f58bc50dfba5768ee43ce48c5e74c25ba0b078a
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/commit/3f58bc50dfba5768ee43ce48c5e74c25ba0b078a
3
reference_url https://github.com/element-hq/synapse/issues/19394
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/issues/19394
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-191.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-191.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45078
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45078
6
reference_url https://github.com/advisories/GHSA-8q93-326v-3m7g
reference_id GHSA-8q93-326v-3m7g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8q93-326v-3m7g
7
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g
reference_id GHSA-8q93-326v-3m7g
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:31:35Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g
fixed_packages
0
url pkg:pypi/matrix-synapse@1.152.1
purl pkg:pypi/matrix-synapse@1.152.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.152.1
aliases CVE-2026-45078, GHSA-8q93-326v-3m7g, PYSEC-2026-191
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8mv-4upg-hfa3
25
url VCID-p9ck-pwqp-qyc7
vulnerability_id VCID-p9ck-pwqp-qyc7
summary Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting, potentially allowing server-side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. Users unable to upgrade may also disable URL previews.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32683
reference_id
reference_type
scores
0
value 0.00349
scoring_system epss
scoring_elements 0.5793
published_at 2026-06-12T12:55:00Z
1
value 0.00349
scoring_system epss
scoring_elements 0.57818
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32683
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.85.0
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-85.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-85.yaml
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32683
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32683
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
reference_id 1037207
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037207
7
reference_url https://github.com/matrix-org/synapse/pull/15601
reference_id 15601
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:39Z/
url https://github.com/matrix-org/synapse/pull/15601
8
reference_url https://github.com/advisories/GHSA-98px-6486-j7qc
reference_id GHSA-98px-6486-j7qc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98px-6486-j7qc
9
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc
reference_id GHSA-98px-6486-j7qc
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:39Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc
10
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
reference_id X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-07T16:25:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.85.0
purl pkg:pypi/matrix-synapse@1.85.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-5h97-3s9w-c3ab
4
vulnerability VCID-7v7h-zrjj-pkh3
5
vulnerability VCID-c1vt-9j6a-b7cr
6
vulnerability VCID-hqwh-2un3-bqd8
7
vulnerability VCID-husr-u735-97hh
8
vulnerability VCID-n8mv-4upg-hfa3
9
vulnerability VCID-rcdd-qkxt-nuez
10
vulnerability VCID-s1jf-x5ug-jqcq
11
vulnerability VCID-y6j7-eetd-pkfh
12
vulnerability VCID-yync-gs3f-nyax
13
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.85.0
aliases CVE-2023-32683, GHSA-98px-6486-j7qc, PYSEC-2023-85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9ck-pwqp-qyc7
26
url VCID-rcdd-qkxt-nuez
vulnerability_id VCID-rcdd-qkxt-nuez
summary Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. This vulnerability is fixed in 1.120.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53863
reference_id
reference_type
scores
0
value 0.00962
scoring_system epss
scoring_elements 0.76926
published_at 2026-06-11T12:55:00Z
1
value 0.00962
scoring_system epss
scoring_elements 0.76998
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53863
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53863
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53863
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/advisories/GHSA-vp6v-whfm-rv3g
reference_id GHSA-vp6v-whfm-rv3g
reference_type
scores
url https://github.com/advisories/GHSA-vp6v-whfm-rv3g
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
reference_id GHSA-vp6v-whfm-rv3g
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:07:32Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
6
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.120.1
purl pkg:pypi/matrix-synapse@1.120.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.120.1
aliases CVE-2024-53863, GHSA-vp6v-whfm-rv3g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcdd-qkxt-nuez
27
url VCID-s1jf-x5ug-jqcq
vulnerability_id VCID-s1jf-x5ug-jqcq
summary Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52805
reference_id
reference_type
scores
0
value 0.01089
scoring_system epss
scoring_elements 0.7834
published_at 2026-06-11T12:55:00Z
1
value 0.01089
scoring_system epss
scoring_elements 0.78408
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52805
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52805
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52805
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
reference_id 4688#issuecomment-1167705518
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
5
reference_url https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
reference_id 4688#issuecomment-2385711609
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
6
reference_url https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
reference_id GHSA-rfq8-j7rh-8hf2
reference_type
scores
url https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
7
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
reference_id GHSA-rfq8-j7rh-8hf2
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
fixed_packages
0
url pkg:pypi/matrix-synapse@1.120.1
purl pkg:pypi/matrix-synapse@1.120.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.120.1
aliases CVE-2024-52805, GHSA-rfq8-j7rh-8hf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1jf-x5ug-jqcq
28
url VCID-sz98-t7z9-bqea
vulnerability_id VCID-sz98-t7z9-bqea
summary Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41952
reference_id
reference_type
scores
0
value 0.00552
scoring_system epss
scoring_elements 0.68476
published_at 2026-06-11T12:55:00Z
1
value 0.00552
scoring_system epss
scoring_elements 0.68564
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41952
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/pull/11784
reference_id 11784
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/pull/11784
3
reference_url https://github.com/matrix-org/synapse/pull/11936
reference_id 11936
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/pull/11936
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41952
reference_id CVE-2022-41952
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41952
5
reference_url https://github.com/advisories/GHSA-4822-jvwx-w47h
reference_id GHSA-4822-jvwx-w47h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4822-jvwx-w47h
6
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
reference_id GHSA-4822-jvwx-w47h
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
7
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.52.0
reference_id v1.52.0
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/releases/tag/v1.52.0
8
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.53.0
reference_id v1.53.0
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/releases/tag/v1.53.0
fixed_packages
0
url pkg:pypi/matrix-synapse@1.53.0
purl pkg:pypi/matrix-synapse@1.53.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-bkk8-srvr-pqfj
9
vulnerability VCID-c1vt-9j6a-b7cr
10
vulnerability VCID-g8ff-1859-ekhm
11
vulnerability VCID-hqwh-2un3-bqd8
12
vulnerability VCID-n8mv-4upg-hfa3
13
vulnerability VCID-p9ck-pwqp-qyc7
14
vulnerability VCID-rcdd-qkxt-nuez
15
vulnerability VCID-s1jf-x5ug-jqcq
16
vulnerability VCID-y6j7-eetd-pkfh
17
vulnerability VCID-yync-gs3f-nyax
18
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.53.0
aliases CVE-2022-41952, GHSA-4822-jvwx-w47h, GMS-2022-624
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz98-t7z9-bqea
29
url VCID-v2m6-n5w2-wfc5
vulnerability_id VCID-v2m6-n5w2-wfc5
summary Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21332
reference_id
reference_type
scores
0
value 0.00505
scoring_system epss
scoring_elements 0.66642
published_at 2026-06-11T12:55:00Z
1
value 0.00505
scoring_system epss
scoring_elements 0.66735
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21332
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df
3
reference_url https://github.com/matrix-org/synapse/pull/9200
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9200
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.27.0
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.27.0
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-133.yaml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-133.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21332
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21332
9
reference_url https://github.com/advisories/GHSA-246w-56m2-5899
reference_id GHSA-246w-56m2-5899
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-246w-56m2-5899
fixed_packages
0
url pkg:pypi/matrix-synapse@1.27.0
purl pkg:pypi/matrix-synapse@1.27.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-4kph-6snj-huhk
5
vulnerability VCID-5h97-3s9w-c3ab
6
vulnerability VCID-7v7h-zrjj-pkh3
7
vulnerability VCID-86br-xun2-gudx
8
vulnerability VCID-8974-zsm2-ybbv
9
vulnerability VCID-8n5g-1zby-77gj
10
vulnerability VCID-9uhc-e3bj-nqg7
11
vulnerability VCID-b2u5-56b4-63ae
12
vulnerability VCID-bkk8-srvr-pqfj
13
vulnerability VCID-c1vt-9j6a-b7cr
14
vulnerability VCID-cjar-y1hc-4ybu
15
vulnerability VCID-dux1-nmrm-xqa1
16
vulnerability VCID-g8ff-1859-ekhm
17
vulnerability VCID-hqwh-2un3-bqd8
18
vulnerability VCID-j879-8928-yyh8
19
vulnerability VCID-n8mv-4upg-hfa3
20
vulnerability VCID-p9ck-pwqp-qyc7
21
vulnerability VCID-rcdd-qkxt-nuez
22
vulnerability VCID-s1jf-x5ug-jqcq
23
vulnerability VCID-sz98-t7z9-bqea
24
vulnerability VCID-vns7-ssd1-8bhe
25
vulnerability VCID-y6j7-eetd-pkfh
26
vulnerability VCID-yync-gs3f-nyax
27
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.27.0
aliases CVE-2021-21332, GHSA-246w-56m2-5899, PYSEC-2021-133
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2m6-n5w2-wfc5
30
url VCID-vns7-ssd1-8bhe
vulnerability_id VCID-vns7-ssd1-8bhe
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39163
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.42002
published_at 2026-06-11T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42165
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39163
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/cb35df940a
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/cb35df940a
3
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.41.1
4
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-424.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-424.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39163
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39163
11
reference_url https://security.archlinux.org/AVG-2334
reference_id AVG-2334
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2334
12
reference_url https://github.com/advisories/GHSA-jj53-8fmw-f2w2
reference_id GHSA-jj53-8fmw-f2w2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jj53-8fmw-f2w2
fixed_packages
0
url pkg:pypi/matrix-synapse@1.41.1
purl pkg:pypi/matrix-synapse@1.41.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-5h97-3s9w-c3ab
5
vulnerability VCID-7v7h-zrjj-pkh3
6
vulnerability VCID-8n5g-1zby-77gj
7
vulnerability VCID-9uhc-e3bj-nqg7
8
vulnerability VCID-b2u5-56b4-63ae
9
vulnerability VCID-bkk8-srvr-pqfj
10
vulnerability VCID-c1vt-9j6a-b7cr
11
vulnerability VCID-g8ff-1859-ekhm
12
vulnerability VCID-hqwh-2un3-bqd8
13
vulnerability VCID-n8mv-4upg-hfa3
14
vulnerability VCID-p9ck-pwqp-qyc7
15
vulnerability VCID-rcdd-qkxt-nuez
16
vulnerability VCID-s1jf-x5ug-jqcq
17
vulnerability VCID-sz98-t7z9-bqea
18
vulnerability VCID-y6j7-eetd-pkfh
19
vulnerability VCID-yync-gs3f-nyax
20
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.41.1
aliases CVE-2021-39163, GHSA-jj53-8fmw-f2w2, PYSEC-2021-424
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vns7-ssd1-8bhe
31
url VCID-y6j7-eetd-pkfh
vulnerability_id VCID-y6j7-eetd-pkfh
summary Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61672.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61672.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61672
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14801
published_at 2026-06-12T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14679
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61672
2
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
3
reference_url https://github.com/element-hq/synapse/releases/tag/v1.138.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/releases/tag/v1.138.4
4
reference_url https://github.com/element-hq/synapse/releases/tag/v1.139.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/releases/tag/v1.139.2
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117854
reference_id 1117854
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117854
6
reference_url https://github.com/element-hq/synapse/pull/17097
reference_id 17097
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/pull/17097
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402525
reference_id 2402525
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402525
8
reference_url https://github.com/element-hq/synapse/commit/26aaaf9e48fff80cf67a20c691c75d670034b3c1
reference_id 26aaaf9e48fff80cf67a20c691c75d670034b3c1
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/commit/26aaaf9e48fff80cf67a20c691c75d670034b3c1
9
reference_url https://github.com/element-hq/synapse/commit/7069636c2d6d1ef2022287addf3ed8b919ef2740
reference_id 7069636c2d6d1ef2022287addf3ed8b919ef2740
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/commit/7069636c2d6d1ef2022287addf3ed8b919ef2740
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61672
reference_id CVE-2025-61672
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61672
11
reference_url https://github.com/advisories/GHSA-fh66-fcv5-jjfr
reference_id GHSA-fh66-fcv5-jjfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh66-fcv5-jjfr
12
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr
reference_id GHSA-fh66-fcv5-jjfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr
13
reference_url https://github.com/element-hq/synapse/releases/tag/v1.138.3
reference_id v1.138.3
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/releases/tag/v1.138.3
14
reference_url https://github.com/element-hq/synapse/releases/tag/v1.139.1
reference_id v1.139.1
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/releases/tag/v1.139.1
fixed_packages
0
url pkg:pypi/matrix-synapse@1.138.3
purl pkg:pypi/matrix-synapse@1.138.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-n8mv-4upg-hfa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.138.3
1
url pkg:pypi/matrix-synapse@1.139.1
purl pkg:pypi/matrix-synapse@1.139.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-n8mv-4upg-hfa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.139.1
aliases CVE-2025-61672, GHSA-fh66-fcv5-jjfr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y6j7-eetd-pkfh
32
url VCID-ygy4-xzjr-2fdc
vulnerability_id VCID-ygy4-xzjr-2fdc
summary cross-site scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26891
reference_id
reference_type
scores
0
value 0.00439
scoring_system epss
scoring_elements 0.63591
published_at 2026-06-11T12:55:00Z
1
value 0.00439
scoring_system epss
scoring_elements 0.63693
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26891
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/pull/8444
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/8444
3
reference_url https://github.com/matrix-org/synapse/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.21.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.21.2
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-238.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2020-238.yaml
6
reference_url https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory
7
reference_url https://security.archlinux.org/ASA-202011-4
reference_id ASA-202011-4
reference_type
scores
url https://security.archlinux.org/ASA-202011-4
8
reference_url https://security.archlinux.org/AVG-1252
reference_id AVG-1252
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1252
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26891
reference_id CVE-2020-26891
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26891
10
reference_url https://github.com/advisories/GHSA-3x8c-fmpc-5rmq
reference_id GHSA-3x8c-fmpc-5rmq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x8c-fmpc-5rmq
11
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq
reference_id GHSA-3x8c-fmpc-5rmq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq
fixed_packages
0
url pkg:pypi/matrix-synapse@1.21.0
purl pkg:pypi/matrix-synapse@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-2du1-3n24-rbgx
4
vulnerability VCID-3ngy-dt6j-tuef
5
vulnerability VCID-4kph-6snj-huhk
6
vulnerability VCID-5h97-3s9w-c3ab
7
vulnerability VCID-6a8s-n8vb-hker
8
vulnerability VCID-7v7h-zrjj-pkh3
9
vulnerability VCID-86br-xun2-gudx
10
vulnerability VCID-8974-zsm2-ybbv
11
vulnerability VCID-8n5g-1zby-77gj
12
vulnerability VCID-9uhc-e3bj-nqg7
13
vulnerability VCID-ahwq-36cc-pqhn
14
vulnerability VCID-b2u5-56b4-63ae
15
vulnerability VCID-bkk8-srvr-pqfj
16
vulnerability VCID-c1vt-9j6a-b7cr
17
vulnerability VCID-cjar-y1hc-4ybu
18
vulnerability VCID-dux1-nmrm-xqa1
19
vulnerability VCID-g8ff-1859-ekhm
20
vulnerability VCID-hqwh-2un3-bqd8
21
vulnerability VCID-j879-8928-yyh8
22
vulnerability VCID-n8mv-4upg-hfa3
23
vulnerability VCID-p9ck-pwqp-qyc7
24
vulnerability VCID-rcdd-qkxt-nuez
25
vulnerability VCID-s1jf-x5ug-jqcq
26
vulnerability VCID-sz98-t7z9-bqea
27
vulnerability VCID-v2m6-n5w2-wfc5
28
vulnerability VCID-vns7-ssd1-8bhe
29
vulnerability VCID-y6j7-eetd-pkfh
30
vulnerability VCID-yu4n-aq57-67g5
31
vulnerability VCID-yync-gs3f-nyax
32
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.21.0
aliases CVE-2020-26891, GHSA-3x8c-fmpc-5rmq, PYSEC-2020-238
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygy4-xzjr-2fdc
33
url VCID-yu4n-aq57-67g5
vulnerability_id VCID-yu4n-aq57-67g5
summary Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21333
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.60129
published_at 2026-06-11T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.60236
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21333
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df
3
reference_url https://github.com/matrix-org/synapse/pull/9200
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/9200
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v1.27.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v1.27.0
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-134.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-134.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21333
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21333
9
reference_url https://github.com/advisories/GHSA-c5f8-35qr-q4fm
reference_id GHSA-c5f8-35qr-q4fm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5f8-35qr-q4fm
fixed_packages
0
url pkg:pypi/matrix-synapse@1.27.0
purl pkg:pypi/matrix-synapse@1.27.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-27ht-47d2-77f6
2
vulnerability VCID-2ctw-4fy5-4ufd
3
vulnerability VCID-3ngy-dt6j-tuef
4
vulnerability VCID-4kph-6snj-huhk
5
vulnerability VCID-5h97-3s9w-c3ab
6
vulnerability VCID-7v7h-zrjj-pkh3
7
vulnerability VCID-86br-xun2-gudx
8
vulnerability VCID-8974-zsm2-ybbv
9
vulnerability VCID-8n5g-1zby-77gj
10
vulnerability VCID-9uhc-e3bj-nqg7
11
vulnerability VCID-b2u5-56b4-63ae
12
vulnerability VCID-bkk8-srvr-pqfj
13
vulnerability VCID-c1vt-9j6a-b7cr
14
vulnerability VCID-cjar-y1hc-4ybu
15
vulnerability VCID-dux1-nmrm-xqa1
16
vulnerability VCID-g8ff-1859-ekhm
17
vulnerability VCID-hqwh-2un3-bqd8
18
vulnerability VCID-j879-8928-yyh8
19
vulnerability VCID-n8mv-4upg-hfa3
20
vulnerability VCID-p9ck-pwqp-qyc7
21
vulnerability VCID-rcdd-qkxt-nuez
22
vulnerability VCID-s1jf-x5ug-jqcq
23
vulnerability VCID-sz98-t7z9-bqea
24
vulnerability VCID-vns7-ssd1-8bhe
25
vulnerability VCID-y6j7-eetd-pkfh
26
vulnerability VCID-yync-gs3f-nyax
27
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.27.0
aliases CVE-2021-21333, GHSA-c5f8-35qr-q4fm, PYSEC-2021-134
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yu4n-aq57-67g5
34
url VCID-yync-gs3f-nyax
vulnerability_id VCID-yync-gs3f-nyax
summary Multiple vulnerabilities have been found in Synapse, the worst of which could result in information leaks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45129.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45129.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45129
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.5038
published_at 2026-06-11T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50513
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45129
2
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
3
reference_url https://github.com/matrix-org/synapse/commit/f84da3c32ec74cf054e2fd6d10618aa4997cffaa
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/f84da3c32ec74cf054e2fd6d10618aa4997cffaa
4
reference_url https://github.com/matrix-org/synapse/pull/16360
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/16360
5
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-199.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-199.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3
10
reference_url https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45129
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45129
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243128
reference_id 2243128
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243128
13
reference_url https://github.com/advisories/GHSA-5chr-wjw5-3gq4
reference_id GHSA-5chr-wjw5-3gq4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5chr-wjw5-3gq4
fixed_packages
0
url pkg:pypi/matrix-synapse@1.94.0
purl pkg:pypi/matrix-synapse@1.94.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-7v7h-zrjj-pkh3
4
vulnerability VCID-c1vt-9j6a-b7cr
5
vulnerability VCID-hqwh-2un3-bqd8
6
vulnerability VCID-n8mv-4upg-hfa3
7
vulnerability VCID-rcdd-qkxt-nuez
8
vulnerability VCID-s1jf-x5ug-jqcq
9
vulnerability VCID-y6j7-eetd-pkfh
10
vulnerability VCID-z6uu-5bdh-pud4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.94.0
aliases CVE-2023-45129, GHSA-5chr-wjw5-3gq4, PYSEC-2023-199
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yync-gs3f-nyax
35
url VCID-z6uu-5bdh-pud4
vulnerability_id VCID-z6uu-5bdh-pud4
summary Multiple vulnerabilities have been found in Synapse, the worst of which could result in information leaks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43796
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.46455
published_at 2026-06-12T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.46309
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43796
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f
3
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-230.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-230.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43796
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43796
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055255
reference_id 1055255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055255
9
reference_url https://github.com/advisories/GHSA-mp92-3jfm-3575
reference_id GHSA-mp92-3jfm-3575
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mp92-3jfm-3575
10
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.95.1
purl pkg:pypi/matrix-synapse@1.95.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-7v7h-zrjj-pkh3
4
vulnerability VCID-c1vt-9j6a-b7cr
5
vulnerability VCID-hqwh-2un3-bqd8
6
vulnerability VCID-n8mv-4upg-hfa3
7
vulnerability VCID-rcdd-qkxt-nuez
8
vulnerability VCID-s1jf-x5ug-jqcq
9
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.95.1
aliases CVE-2023-43796, GHSA-mp92-3jfm-3575, PYSEC-2023-230
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6uu-5bdh-pud4
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.2.0rc1