Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi matrix-synapse Security Advisories
Loading...
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 1 day ago
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 1 day ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device informationEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL eventsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 7 months ago
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receiptsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 7 months ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 11 months ago
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previewsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 11 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 11 months ago
GSA_kwCzR0hTQS0yNmM1LXBwcjgtZjMzcM4AAzr0
Synapse has improper checks for deactivated users during loginEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 11 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 11 months ago
GSA_kwCzR0hTQS1mM3djLTN2eHYteG12cs4AAzdM
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invitesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 11 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 11 months ago
GSA_kwCzR0hTQS1wOXFwLWM0NTItZjlyN84AAzdK
Synapse Denial of service due to incorrect application of event authorization rules during state resolutionEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 11 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 11 months ago
GSA_kwCzR0hTQS00NWNqLWY5N2YtZ2d3ds4AAzdJ
Synapse does not apply enough checks to servers requesting auth events of events in a roomEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 11 months ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 1 year ago
GSA_kwCzR0hTQS1qaGpoLTc3Nm0tNDc2Nc4AAujv
Denial of service due to incorrect application of event authorization rulesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monolithsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1jcHB3LTJtZjgtcXBtNc4AAq-J
Improper Verification of Cryptographic Signature in matrix-synapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS1nd2Y3LXZmamYtd2Y2eM4AAgqX
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNGEcosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS12bWNjLTRwNHgteDd3Z84AAWzZ
Matrix Synapse DoSEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
GSA_kwCzR0hTQS1mbXZoLXJ2cTUtaGhqeM4AASvD
Matrix Synapse Improper Signature ValidationEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS1jaDV2LWZoZzgtN2d2Oc4AASpv
Matrix Synapse Authorization ErrorEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS12OHdtLWc5ZjIteGp2NM4AASqT
Matrix Synapse Security Filtering FlawEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
GSA_kwCzR0hTQS1qcnFtLXY4Y3YtNTN3d83vAg
Matrix Synapse Predictable Secret KeyEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago
GSA_kwCzR0hTQS00ODIyLWp2d3gtdzQ3aM03pA
Uncontrolled Resource Consumption in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
GSA_kwCzR0hTQS0zaGZ3LXg3Z3gtNDM3Y80X4Q
Path traversal in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx
Improper authorisation of members discloses room membership to non-membersEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNXYtODV3OS1wcTZj
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1
Denial of service attack via push rule patterns in matrix-synapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4
Open redirect via transitional IPv6 addresses on dual-stack networksEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpointsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpointsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt
HTML injection in email and account expiry notificationsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3gtbWpybS12M2c4
Denial of service attack via .well-known lookupsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 3 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requestsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 3 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm
Denial of service attack due to invalid JSONEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x
Cross-site scripting (XSS) vulnerability in the fallback authentication endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Statistics
Advisories: 17,985
Packages: 8,213
Repositories: 4
Ecosystems: 12
Packages: 8,213
Repositories: 4
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
tensorflow
432
tensorflow-cpu
387
tensorflow-gpu
384
django
80
apache-airflow
78
ansible
63
apache-superset
48
plone
42
rdiffweb
42
Pillow
41
salt
38
Plone
36
matrix-synapse
35
vyper
32
mlflow
30
opencv-python
30
opencv-contrib-python
30
Django
21
langchain
18
PaddlePaddle
17
cobbler
17
paddlepaddle
15
cryptography
15
pillow
15
notebook
15
modoboa
14
gradio
14
pyload-ng
14
pyftpdlib
13
nova
13
OctoPrint
12
neutron
12
keystone
12
vantage6
12
onionshare-cli
11
twisted
11
calibreweb
11
glance
11
urllib3
11
Flask-AppBuilder
10
aiohttp
10
moin
9
ethyca-fides
9
kiwitcms
9
Zope
9
wagtail
9
opencv-python-headless
9
waitress
9
opencv-contrib-python-headless
9
zope
9
aubio
8
label-studio
8
numpy
8
matrix-sydent
7
jupyter-server
7
python-keystoneclient
7
pysaml2
7
nautobot
7
scrapy
7
swift
7
pip
7
lief
7
graphite-web
6
tuf
6
sentry
6
lxml
6
ipython
6
pgadmin4
6
Zope2
6
apache-airflow-providers-apache-hive
6
mindsdb
6
web2py
6
mailman
6
inventree
6
feedparser
5
lmdb
5
trytond
5
paramiko
5
bleach
5
python-gnupg
5
requests
5
pyspark
5
roundup
5
Products.CMFPlone
5
ckan
5
whoogle-search
5
horizon
5
saleor
5
datasette
4
ansible-core
4
httpie
4
oauthenticator
4
werkzeug
4
starlette
4
bottle
4
grpcio
4
grpc
4
reportlab
4
jupyterhub
4
yt-dlp
4
nvflare
4
nltk
4
Jinja2
4
markdown2
4
qutebrowser
4
transformers
4
GitPython
4
pretix
4
FreeTAKServer-UI
4
keylime
4
buildbot
4
Flask-Security-Too
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
aws-iot-device-sdk-v2
4
awsiotsdk
4
esphome
4
omero-web
4
PyPDF2
4
Pygments
4
pyyaml
3
aim
3
rsa
3
flask
3
ecdsa
3
tripleo-heat-templates
3
indy-node
3
apache-airflow-providers-apache-spark
3
bitlyshortener
3
indico
3
gerapy
3
torchserve
3
pywasm3
3
protobuf
3
sickrage
3
Weblate
3
ujson
3
keyring
3
apache-libcloud
3
wger
3
ansible-runner
3
asyncua
3
pandasai
3
onnx
3
mayan-edms
3
apache-iotdb
3
sanic
3
mistune
3
zenml
3
poetry
3
copyparty
3
Werkzeug
3
asyncssh
3
ray
3
fava
3
jwcrypto
3
mitmproxy
3
django-helpdesk
3
plone.supermodel
3
Products.PluggableAuthService
3
localstack
3
plone.app.dexterity
3
plone.app.event
3
ryu
3
tornado
3
slixmpp
3
jupyterlab
3
streamlit
3
cinder
3
io.grpc:grpc-protobuf
3
clearml
3
barbican
3
docassemble.webapp
3
sqlparse
3
openvpn-monitor
3
quokka
3
Keystone
3
pyarrow
3
plone.app.theming
3
tlslite-ng
2
aws-encryption-sdk-cli
2
ctx
2
cabot
2
aiohttp-session
2
pyxdg
2
pyopenssl
2
keystonemiddleware
2
flaskcode
2
snowflake-connector-python
2
wasm3
2
zope2
2
apache-airflow-providers-apache-drill
2
dtale
2
python-cjson
2
openapi-python-client
2
Products.CMFCore
2
scancodeio
2
ubi-reader
2
tripleo-ansible
2
wagtail-2fa
2
mobsf
2