Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi matrix-synapse Security Advisories
Loading...
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1
Denial of service attack via push rule patterns in matrix-synapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpointsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requestsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS1jcHB3LTJtZjgtcXBtNc4AAq-J
Improper Verification of Cryptographic Signature in matrix-synapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 9 months ago
GSA_kwCzR0hTQS1qaGpoLTc3Nm0tNDc2Nc4AAujv
Denial of service due to incorrect application of event authorization rulesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 9 months ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm
Denial of service attack due to invalid JSONEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS1nd2Y3LXZmamYtd2Y2eM4AAgqX
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNGEcosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monolithsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 11 months ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS0zaGZ3LXg3Z3gtNDM3Y80X4Q
Path traversal in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x
Cross-site scripting (XSS) vulnerability in the fallback authentication endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNXYtODV3OS1wcTZj
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4
Open redirect via transitional IPv6 addresses on dual-stack networksEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpointsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 1 day ago
GSA_kwCzR0hTQS0yNmM1LXBwcjgtZjMzcM4AAzr0
Synapse has improper checks for deactivated users during loginEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 14 days ago
GSA_kwCzR0hTQS1mM3djLTN2eHYteG12cs4AAzdM
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invitesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 14 days ago
GSA_kwCzR0hTQS1wOXFwLWM0NTItZjlyN84AAzdK
Synapse Denial of service due to incorrect application of event authorization rules during state resolutionEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 14 days ago
GSA_kwCzR0hTQS00NWNqLWY5N2YtZ2d3ds4AAzdJ
Synapse does not apply enough checks to servers requesting auth events of events in a roomEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 14 days ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 1 day ago
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previewsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt
HTML injection in email and account expiry notificationsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3gtbWpybS12M2c4
Denial of service attack via .well-known lookupsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx
Improper authorisation of members discloses room membership to non-membersEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS00ODIyLWp2d3gtdzQ3aM03pA
Uncontrolled Resource Consumption in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 year ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 2 years ago
Filter by Severity
Filter by Ecosystem
Filter by Package
tensorflow
433
tensorflow-cpu
387
tensorflow-gpu
384
apache-airflow
45
ansible
44
django
42
rdiffweb
40
Pillow
39
opencv-contrib-python
30
opencv-python
30
Plone
26
matrix-synapse
25
apache-superset
22
vyper
16
Django
15
notebook
13
pyftpdlib
13
nova
13
onionshare-cli
11
modoboa
11
calibreweb
11
twisted
10
opencv-contrib-python-headless
9
opencv-python-headless
9
waitress
9
cobbler
9
kiwitcms
8
OctoPrint
8
pyload-ng
8
glance
8
wagtail
8
keystone
8
cryptography
8
Flask-AppBuilder
7
pillow
7
pysaml2
7
numpy
7
urllib3
7
mlflow
7
lief
6
ipython
6
inventree
6
python-gnupg
6
Zope2
6
Zope
5
bleach
5
salt
5
matrix-sydent
5
tuf
5
pip
5
feedparser
5
lxml
5
swift
5
aws-iot-device-sdk-v2
4
awsiotsdk
4
qutebrowser
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
starlette
4
Flask-Security-Too
4
gerapy
4
Jinja2
4
markdown2
4
requests
4
neutron
4
graphite-web
4
nltk
4
jupyter-server
4
FreeTAKServer-UI
4
pyspark
4
scrapy
4
nvflare
4
apache-airflow-providers-apache-hive
4
cinder
3
indy-node
3
plone
3
protobuf
3
ckan
3
poetry
3
Pygments
3
Werkzeug
3
bitlyshortener
3
vantage6
3
plone.supermodel
3
flask
3
plone.app.event
3
plone.app.dexterity
3
plone.app.theming
3
ujson
3
omero-web
3
Products.PluggableAuthService
3
ansible-runner
3
jupyterhub
3
fava
3
mailman
3
bottle
3
paramiko
3
werkzeug
3
oauthenticator
3
pgadmin4
3
saleor
3
quokka
3
pyyaml
3
python-keystoneclient
3
httpie
3
mistune
3
mitmproxy
3
gradio
3
Weblate
3
django-helpdesk
3
ecdsa
3
datasette
3
aubio
3
moin
3
mayan-edms
3
Twisted
2
google/protobuf
2
label-studio
2
com.google.protobuf:protobuf-parent
2
github.com/protocolbuffers/protobuf
2
Google.Protobuf
2
untangle
2
openzeppelin-cairo-contracts
2
html5lib
2
aws-encryption-sdk-cli
2
petl
2
indico
2
parlai
2
apache-iotdb
2
markdown-it-py
2
mindsdb
2
guarddog
2
CairoSVG
2
pyjwt
2
pretalx
2
reportlab
2
apache-airflow-providers-google
2
tripleo-ansible
2
autobahn
2
flower
2
djangorestframework
2
aws-encryption-sdk
2
openapi-python-client
2
aiohttp-session
2
ubi-reader
2
rpyc
2
sanic
2
wagtail-2fa
2
typed-ast
2
redis
2
streamlit
2
aioxmpp
2
shuup
2
django-unicorn
2
simiki
2
dompurify
2
bikeshed
2
pycrypto
2
mako
2
in-toto
2
tripleo-heat-templates
2
sqlparse
2
py
2
sickrage
2
SQLAlchemy
2
webargs
2
rsa
2
aiohttp
2
httplib2
2
Red-DiscordBot
2
python-cjson
2
logilab-common
2
red-arrow
2
pyarrow
2
uvicorn
2
web2py
2
ctx
2
websockets
2
pyopenssl
2
python-ldap
2
django-sendfile2
2
tryton
2
safeurl-python
2
keyring
2
superset
2
paddlepaddle
2
pywasm3
2
trytond
2
roundup
2
pytorch-lightning
2
starkbank-ecdsa
2
binwalk
2
tlslite-ng
2
proteus
2
org.apache.spark:spark-parent_2.12
2
archivy
2
FreeTAKServer
2
distributed
2
scout-browser
2
django-anymail
2
python-libnmap
2
localstack
2
Products.CMFPlone
2
django-two-factor-auth
1
django-basic-auth-ip-whitelist
1
transformers
1
tornado
1
AccessControl
1
PyYAML
1
python-engineio
1
luigi
1
Products.PlonePAS
1
guake
1
url_regex
1
xmpp-http-upload
1
blazar-dashboard
1
aleksis-core
1
django-mfa3
1
datasette-graphql
1
amundsen-frontend
1
red-dashboard
1
flask-session-captcha
1
pollbot
1
alerta-server
1
py-mini-racer
1
botframework-connector
1
mod-wsgi
1
jsnapy
1
mercurial
1
django-rest-registration
1
jinja2
1
nemo_toolkit
1
rencode
1
pypiserver
1
jupyter_server
1
Lin-CMS
1
invenio-drafts-resources
1
invenio-rdm-records
1
papermerge
1
org.apache.spark:spark-core
1
sopel-modules.weather
1
invenio-records
1
tenable-jira-cloud
1
io.github.talelin:lin-cms-core
1
asyncpg
1
supervisor
1
xml2rfc
1
pymdown-extensions
1
svglib
1
jw.util
1
contentful
1
mpmath
1
invenio-app-rdm
1
gateone
1
thefuck
1
mysql-connector-python
1
jupyter-notebook
1
git-url-parse
1
openssh-key-parser
1
psiTurk
1
weixin-python
1
fastapi
1
TurboGears
1
blackduck
1
Kotti
1
Flask-Unchained
1
barbican
1
onnx
1
ihatemoney
1
XML2Dict
1
pywin32
1
django-celery-results
1
Glances
1
celery
1
pipenv
1
ladon
1
libtaxii
1
Flask-Caching
1
marshmallow
1
dnslib
1
recommender-xblock
1
mitogen
1
django-cms
1
pywb
1
CoAPthon3
1
django-widgy
1
django-crm
1
pulsar-client
1
omero-figure
1
CoAPthon
1
sqla-yaml-fixtures
1
sqlite-web
1
conference-scheduler-cli
1
pycryptodome
1
marcador
1
safety
1
mage-ai
1
py-evm
1
django-epiceditor
1
leo
1
spotipy
1