Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi matrix-synapse Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device information
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 9 months ago
Low
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 10 months ago
Low
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 months ago
Low
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yNmM1LXBwcjgtZjMzcM4AAzr0
Synapse has improper checks for deactivated users during login
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mM3djLTN2eHYteG12cs4AAzdM
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wOXFwLWM0NTItZjlyN84AAzdK
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NWNqLWY5N2YtZ2d3ds4AAzdJ
Synapse does not apply enough checks to servers requesting auth events of events in a room
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qaGpoLTc3Nm0tNDc2Nc4AAujv
Denial of service due to incorrect application of event authorization rules
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jcHB3LTJtZjgtcXBtNc4AAq-J
Improper Verification of Cryptographic Signature in matrix-synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nd2Y3LXZmamYtd2Y2eM4AAgqX
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
Ecosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS12bWNjLTRwNHgteDd3Z84AAWzZ
Matrix Synapse DoS
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mbXZoLXJ2cTUtaGhqeM4AASvD
Matrix Synapse Improper Signature Validation
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jaDV2LWZoZzgtN2d2Oc4AASpv
Matrix Synapse Authorization Error
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS12OHdtLWc5ZjIteGp2NM4AASqT
Matrix Synapse Security Filtering Flaw
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qcnFtLXY4Y3YtNTN3d83vAg
Matrix Synapse Predictable Secret Key
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00ODIyLWp2d3gtdzQ3aM03pA
Uncontrolled Resource Consumption in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zaGZ3LXg3Z3gtNDM3Y80X4Q
Path traversal in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx
Improper authorisation of members discloses room membership to non-members
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNXYtODV3OS1wcTZj
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1
Denial of service attack via push rule patterns in matrix-synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4
Open redirect via transitional IPv6 addresses on dual-stack networks
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt
HTML injection in email and account expiry notifications
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3gtbWpybS12M2c4
Denial of service attack via .well-known lookups
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requests
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm
Denial of service attack due to invalid JSON
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Statistics
Advisories: 19,479
Packages: 8,596
Repositories: 4
Ecosystems: 12
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 apache-airflow 80 django 80 ansible 63 salt 55 Plone 52 apache-superset 50 nova 47 mlflow 46 plone 43 rdiffweb 42 Pillow 41 vyper 38 Django 36 moin 35 matrix-synapse 35 keystone 31 opencv-contrib-python 30 opencv-python 30 glance 20 langchain 19 gradio 18 cobbler 17 mercurial 17 PaddlePaddle 17 pillow 16 neutron 16 cryptography 15 paddlepaddle 15 notebook 15 modoboa 14 pyftpdlib 14 pyload-ng 14 OctoPrint 13 vantage6 13 ethyca-fides 13 urllib3 12 swift 12 wagtail 12 calibreweb 11 twisted 11 horizon 11 zenml 11 onionshare-cli 11 aiohttp 11 trytond 10 Flask-AppBuilder 10 nautobot 10 ryu 9 waitress 9 cinder 9 opencv-python-headless 9 opencv-contrib-python-headless 9 Zope 9 kiwitcms 9 zope 9 roundup 9 numpy 8 trac 8 python-keystoneclient 8 aubio 8 label-studio 8 pysaml2 7 scrapy 7 jupyter-server 7 lief 7 pgadmin4 7 sentry 7 matrix-sydent 7 ipython 7 pip 7 litellm 7 lollms 7 web2py 6 tornado 6 mindsdb 6 inventree 6 Moin 6 tuf 6 yt-dlp 6 requests 6 lxml 6 graphite-web 6 apache-airflow-providers-apache-hive 6 Zope2 6 mailman 6 python-gnupg 5 nltk 5 omero-web 5 Jinja2 5 pyspark 5 ckan 5 Products.CMFPlone 5 lmdb 5 saleor 5 feedparser 5 oauthenticator 5 whoogle-search 5 bleach 5 paramiko 5 markdown2 4 Scrapy 4 jupyterhub 4 Radicale 4 qutebrowser 4 PyPDF2 4 transformers 4 FreeTAKServer-UI 4 GitPython 4 reportlab 4 keylime 4 Pygments 4 buildbot 4 httpie 4 esphome 4 Weblate 4 tripleo-heat-templates 4 pretix 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 jwcrypto 4 bottle 4 grpcio 4 grpc 4 starlette 4 werkzeug 4 Flask-Security-Too 4 ansible-core 4 datasette 4 Keystone 4 Werkzeug 4 barbican 4 nvflare 4 apache-iotdb 3 rsa 3 copyparty 3 fava 3 flask 3 apache-airflow-providers-apache-spark 3 pyyaml 3 Nova 3 SQLAlchemy 3 apache-libcloud 3 vanna 3 Kallithea 3 langchain-experimental 3 mitmproxy 3 mayan-edms 3 pandasai 3 certifi 3 protobuf 3 indico 3 ray 3 streamlit 3 dtale 3 asyncssh 3 keyring 3 pyarrow 3 changedetection.io 3 wger 3 asyncua 3 ajenti 3 dbt-core 3 sanic 3 scikit-learn 3 llama-index 3 ansible-runner 3 dulwich 3 octavia 3 slixmpp 3 clearml 3 docassemble.webapp 3 quokka 3 pycrypto 3 plone.app.event 3 plone.app.theming 3 plone.app.dexterity 3 plone.supermodel 3 Red-DiscordBot 3 django-helpdesk 3 sqlparse 3 ujson 3 jupyter-server-proxy 3 io.grpc:grpc-protobuf 3 Mezzanine 3 sickrage 3 sosreport 3 httplib2 3 torchserve 3 homeassistant 3 onnx 3 python-jose 3 jupyterlab 3 poetry 3 localstack 3 mistune 3 openvpn-monitor 3