Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi matrix-synapse Security Advisories
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
GSA_kwCzR0hTQS1mbXZoLXJ2cTUtaGhqeM4AASvD
Matrix Synapse Improper Signature Validation
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS1qcnFtLXY4Y3YtNTN3d83vAg
Matrix Synapse Predictable Secret Key
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 1 year ago
GSA_kwCzR0hTQS1qaGpoLTc3Nm0tNDc2Nc4AAujv
Denial of service due to incorrect application of event authorization rules
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS12OHdtLWc5ZjIteGp2NM4AASqT
Matrix Synapse Security Filtering Flaw
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS12bWNjLTRwNHgteDd3Z84AAWzZ
Matrix Synapse DoS
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS1jaDV2LWZoZzgtN2d2Oc4AASpv
Matrix Synapse Authorization Error
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1jcHB3LTJtZjgtcXBtNc4AAq-J
Improper Verification of Cryptographic Signature in matrix-synapse
High
Ecosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS1nd2Y3LXZmamYtd2Y2eM4AAgqX
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm
Denial of service attack due to invalid JSON
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
GSA_kwCzR0hTQS0zaGZ3LXg3Z3gtNDM3Y80X4Q
Path traversal in Matrix Synapse
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1
Denial of service attack via push rule patterns in matrix-synapse
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requests
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx
Improper authorisation of members discloses room membership to non-members
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 11 months ago
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 7 months ago
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpoint
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4
Open redirect via transitional IPv6 addresses on dual-stack networks
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt
HTML injection in email and account expiry notifications
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3gtbWpybS12M2c4
Denial of service attack via .well-known lookups
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix Synapse
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 11 days ago
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 12 months ago
GSA_kwCzR0hTQS00NWNqLWY5N2YtZ2d3ds4AAzdJ
Synapse does not apply enough checks to servers requesting auth events of events in a room
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 11 months ago
GSA_kwCzR0hTQS0yNmM1LXBwcjgtZjMzcM4AAzr0
Synapse has improper checks for deactivated users during login
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 12 months ago
GSA_kwCzR0hTQS1wOXFwLWM0NTItZjlyN84AAzdK
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago
GSA_kwCzR0hTQS00ODIyLWp2d3gtdzQ3aM03pA
Uncontrolled Resource Consumption in Matrix Synapse
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device information
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNXYtODV3OS1wcTZj
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 12 months ago
GSA_kwCzR0hTQS1mM3djLTN2eHYteG12cs4AAzdM
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 4
Ecosystems: 12