Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi matrix-synapse Security Advisories
Loading...
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device informationEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL eventsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 months ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receiptsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 2 months ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 2 months ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previewsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS0yNmM1LXBwcjgtZjMzcM4AAzr0
Synapse has improper checks for deactivated users during loginEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1mM3djLTN2eHYteG12cs4AAzdM
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invitesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1wOXFwLWM0NTItZjlyN84AAzdK
Synapse Denial of service due to incorrect application of event authorization rules during state resolutionEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS00NWNqLWY5N2YtZ2d3ds4AAzdJ
Synapse does not apply enough checks to servers requesting auth events of events in a roomEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1qaGpoLTc3Nm0tNDc2Nc4AAujv
Denial of service due to incorrect application of event authorization rulesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monolithsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1jcHB3LTJtZjgtcXBtNc4AAq-J
Improper Verification of Cryptographic Signature in matrix-synapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1nd2Y3LXZmamYtd2Y2eM4AAgqX
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNGEcosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS12bWNjLTRwNHgteDd3Z84AAWzZ
Matrix Synapse DoSEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1mbXZoLXJ2cTUtaGhqeM4AASvD
Matrix Synapse Improper Signature ValidationEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1jaDV2LWZoZzgtN2d2Oc4AASpv
Matrix Synapse Authorization ErrorEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS12OHdtLWc5ZjIteGp2NM4AASqT
Matrix Synapse Security Filtering FlawEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1qcnFtLXY4Y3YtNTN3d83vAg
Matrix Synapse Predictable Secret KeyEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS00ODIyLWp2d3gtdzQ3aM03pA
Uncontrolled Resource Consumption in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
GSA_kwCzR0hTQS0zaGZ3LXg3Z3gtNDM3Y80X4Q
Path traversal in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx
Improper authorisation of members discloses room membership to non-membersEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNXYtODV3OS1wcTZj
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1
Denial of service attack via push rule patterns in matrix-synapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4
Open redirect via transitional IPv6 addresses on dual-stack networksEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpointsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpointsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt
HTML injection in email and account expiry notificationsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3gtbWpybS12M2c4
Denial of service attack via .well-known lookupsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 3 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requestsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 3 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm
Denial of service attack due to invalid JSONEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x
Cross-site scripting (XSS) vulnerability in the fallback authentication endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 3 years ago
Filter by Severity
Filter by Ecosystem
Filter by Package
tensorflow
433
tensorflow-cpu
387
tensorflow-gpu
384
django
78
apache-airflow
65
ansible
53
rdiffweb
42
Pillow
40
apache-superset
39
plone
36
matrix-synapse
34
Plone
32
opencv-python
30
opencv-contrib-python
30
vyper
23
Django
16
langchain
15
modoboa
14
notebook
13
pyftpdlib
13
cobbler
13
nova
13
pillow
13
onionshare-cli
12
mlflow
12
cryptography
12
calibreweb
11
twisted
11
keystone
11
urllib3
11
OctoPrint
10
salt
10
kiwitcms
9
opencv-contrib-python-headless
9
opencv-python-headless
9
pyload-ng
9
glance
9
waitress
9
ethyca-fides
9
wagtail
9
Flask-AppBuilder
8
Zope
8
aiohttp
8
numpy
8
aubio
8
pysaml2
7
matrix-sydent
7
pip
7
paddlepaddle
7
python-keystoneclient
7
swift
7
vantage6
7
lief
6
mailman
6
ipython
6
web2py
6
inventree
6
graphite-web
6
python-gnupg
6
jupyter-server
6
Zope2
6
lxml
6
apache-airflow-providers-apache-hive
6
zope
5
bleach
5
gradio
5
keylime
5
tuf
5
requests
5
feedparser
5
neutron
5
pgadmin4
5
sentry
5
Products.CMFPlone
5
pyspark
5
starlette
4
aws-iot-device-sdk-v2
4
awsiotsdk
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
PyPDF2
4
Pygments
4
qutebrowser
4
reportlab
4
httpie
4
omero-web
4
Flask-Security-Too
4
scrapy
4
gerapy
4
Jinja2
4
bottle
4
label-studio
4
werkzeug
4
markdown2
4
FreeTAKServer-UI
4
nltk
4
horizon
4
saleor
4
nvflare
4
datasette
4
mitmproxy
3
cinder
3
keyring
3
ray
3
indy-node
3
rsa
3
paramiko
3
grpcio
3
grpc
3
io.grpc:grpc-protobuf
3
GitPython
3
localstack
3
pretix
3
wger
3
bitlyshortener
3
barbican
3
plone.app.theming
3
plone.supermodel
3
indico
3
plone.app.dexterity
3
plone.app.event
3
ujson
3
sickrage
3
Products.PluggableAuthService
3
ansible-runner
3
pyarrow
3
fava
3
yt-dlp
3
oauthenticator
3
pywasm3
3
ckan
3
roundup
3
quokka
3
poetry
3
Weblate
3
slixmpp
3
trytond
3
copyparty
3
django-helpdesk
3
mistune
3
flask
3
jupyterhub
3
torchserve
3
tripleo-heat-templates
3
apache-airflow-providers-apache-spark
3
Werkzeug
3
protobuf
3
ecdsa
3
nautobot
3
asyncua
3
moin
3
pyyaml
3
mayan-edms
3
redis
2
ubi-reader
2
certifi
2
apache-airflow-providers-apache-drill
2
kallithea
2
html5lib
2
github.com/protocolbuffers/protobuf
2
google/protobuf
2
Google.Protobuf
2
cabot
2
org.apache.spark:spark-core
2
pandasai
2
tornado
2
guarddog
2
openzeppelin-cairo-contracts
2
typed-ast
2
pyxdg
2
keystonemiddleware
2
Twisted
2
Products.CMFCore
2
distributed
2
py
2
org.apache.spark:spark-parent_2.12
2
apache-submarine
2
superset
2
binwalk
2
petl
2
plone.restapi
2
djblets
2
aws-encryption-sdk-cli
2
asyncssh
2
Radicale
2
scancodeio
2
untangle
2
markdown-it-py
2
apache-iotdb
2
aiohttp-session
2
CairoSVG
2
mercurial
2
pyjwt
2
apache-airflow-providers-google
2
apache-airflow-providers-apache-sqoop
2
flower
2
RestrictedPython
2
djangorestframework
2
autobahn
2
python-cjson
2
piccolo
2
Red-DiscordBot
2
red-arrow
2
logilab-common
2
websockets
2
ansible-core
2
django-sendfile2
2
python-ldap
2
safeurl-python
2
pretalx
2
pypdf
2
ctx
2
snowflake-connector-python
2
plone.app.contenttypes
2
setuptools
2
pytorch-lightning
2
buildbot
2
starkbank-ecdsa
2
simiki
2
FreeTAKServer
2
archivy
2
scout-browser
2
django-anymail
2
proteus
2
ryu
2
parlai
2
uvicorn
2
aws-encryption-sdk
2
django-unicorn
2
pikepdf
2
shuup
2
dompurify
2
pycrypto
2
bikeshed
2
wasm3
2
django-cms
2
mindsdb
2
python-libnmap
2
apache-airflow-providers-odbc
2
mako
2
in-toto
2
python-apt
2
webargs
2
tripleo-ansible
2
tlslite-ng
2
httplib2
2
pyopenssl
2
AccessControl
2
sqlparse
2
openapi-python-client
2
rpyc
2
sanic
2
wagtail-2fa
2
loguru
2
keycloak-httpd-client-install
2
SQLAlchemy
2
aioxmpp
2
streamlit
2
parso
1
elastic-apm
1
tortoise-orm
1
gitpython
1
easybuild-framework
1
tkvideoplayer
1
tendenci
1
IPython
1
phoenix-ws
1
archivebox
1
dtale
1
oauthlib
1
autogluon.multimodal
1
openssl-src
1
torch
1
feedgen
1
sqlfluff
1
jupyter-core
1
binderhub
1
tqdm
1
admesh
1
marcador
1
apache-airflow-providers-microsoft-mssql
1
django-grappelli
1
onefuzz
1
com.google.protobuf:protobuf-parent
1
coderedcms
1
ceilometer
1
Beaker
1
suds
1
mat2
1
hnswlib
1
com.google.protobuf:protobuf-java
1
sqla-yaml-fixtures
1
octoprint
1
zbar
1
python-docx
1
clickhouse-driver
1
django-mfa2
1
exotel
1
jefferson
1
python-swiftclient
1
pdm
1