Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/97997?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97997?format=api", "vulnerability_id": "VCID-qx1v-rgxp-2ydj", "summary": "The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.", "aliases": [ { "alias": "CVE-2025-49090" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1181692?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=aarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=aarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1181693?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=armhf&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=armhf&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1181694?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=armv7&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1181695?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=loongarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1181696?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=ppc64le&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1181697?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/175848?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/175849?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=armhf&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/175850?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=armv7&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=armv7&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/175851?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/175852?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=ppc64le&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/175853?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/175854?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=s390x&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/175855?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=x86&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/175856?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/242794?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=aarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/242795?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=armhf&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=armhf&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/242796?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=armv7&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=armv7&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/242797?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=loongarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=loongarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/242798?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=ppc64le&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=ppc64le&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/242799?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=riscv64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=riscv64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/242800?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=s390x&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=s390x&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/242801?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=x86&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=x86&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/242802?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=x86_64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/279056?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=aarch64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=aarch64&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/279057?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=armhf&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=armhf&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/279058?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=armv7&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=armv7&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/279059?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=loongarch64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=loongarch64&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/279060?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=ppc64le&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=ppc64le&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/279061?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=riscv64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=riscv64&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/279062?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=s390x&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=s390x&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/279063?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=x86&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=x86&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/279064?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=x86_64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=x86_64&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1181698?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=s390x&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=s390x&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1181699?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=x86&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=x86&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1181700?format=api", "purl": "pkg:apk/alpine/synapse@1.135.1-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.135.1-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17393", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17547", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17574", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17557", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49090" }, { "reference_url": "https://github.com/Nheko-Reborn/nheko/issues/1931", "reference_id": "1931", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-02T19:34:21Z/" } ], "url": "https://github.com/Nheko-Reborn/nheko/issues/1931" }, { "reference_url": "https://matrix.org/blog/2025/08/project-hydra-improving-state-res/", "reference_id": "project-hydra-improving-state-res", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-02T19:34:21Z/" } ], "url": "https://matrix.org/blog/2025/08/project-hydra-improving-state-res/" }, { "reference_url": "https://matrix.org/blog/2025/08/security-release/", "reference_id": "security-release", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-02T19:34:21Z/" } ], "url": "https://matrix.org/blog/2025/08/security-release/" }, { "reference_url": "https://github.com/matrix-org/matrix-spec/releases/tag/v1.16", "reference_id": "v1.16", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-02T19:34:21Z/" } ], "url": "https://github.com/matrix-org/matrix-spec/releases/tag/v1.16" } ], "weaknesses": [ { "cwe_id": 642, "name": "External Control of Critical State Data", "description": "The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors." } ], "exploits": [], "severity_range_score": "7.1 - 7.1", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qx1v-rgxp-2ydj" }