Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi matrix-synapse Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device information
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yNmM1LXBwcjgtZjMzcM4AAzr0
Synapse has improper checks for deactivated users during login
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mM3djLTN2eHYteG12cs4AAzdM
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wOXFwLWM0NTItZjlyN84AAzdK
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00NWNqLWY5N2YtZ2d3ds4AAzdJ
Synapse does not apply enough checks to servers requesting auth events of events in a room
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1qaGpoLTc3Nm0tNDc2Nc4AAujv
Denial of service due to incorrect application of event authorization rules
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jcHB3LTJtZjgtcXBtNc4AAq-J
Improper Verification of Cryptographic Signature in matrix-synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nd2Y3LXZmamYtd2Y2eM4AAgqX
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
Ecosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS12bWNjLTRwNHgteDd3Z84AAWzZ
Matrix Synapse DoS
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mbXZoLXJ2cTUtaGhqeM4AASvD
Matrix Synapse Improper Signature Validation
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jaDV2LWZoZzgtN2d2Oc4AASpv
Matrix Synapse Authorization Error
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS12OHdtLWc5ZjIteGp2NM4AASqT
Matrix Synapse Security Filtering Flaw
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qcnFtLXY4Y3YtNTN3d83vAg
Matrix Synapse Predictable Secret Key
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00ODIyLWp2d3gtdzQ3aM03pA
Uncontrolled Resource Consumption in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zaGZ3LXg3Z3gtNDM3Y80X4Q
Path traversal in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx
Improper authorisation of members discloses room membership to non-members
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNXYtODV3OS1wcTZj
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1
Denial of service attack via push rule patterns in matrix-synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4
Open redirect via transitional IPv6 addresses on dual-stack networks
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt
HTML injection in email and account expiry notifications
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3gtbWpybS12M2c4
Denial of service attack via .well-known lookups
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requests
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm
Denial of service attack due to invalid JSON
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 3 years ago
Filter by Package
tensorflow 433 tensorflow-cpu 387 tensorflow-gpu 384 django 78 apache-airflow 65 ansible 53 rdiffweb 42 Pillow 40 apache-superset 39 plone 36 matrix-synapse 34 Plone 32 opencv-python 30 opencv-contrib-python 30 vyper 23 Django 16 langchain 15 modoboa 14 notebook 13 pyftpdlib 13 cobbler 13 nova 13 pillow 13 onionshare-cli 12 mlflow 12 cryptography 12 calibreweb 11 twisted 11 keystone 11 urllib3 11 OctoPrint 10 salt 10 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 pyload-ng 9 glance 9 waitress 9 ethyca-fides 9 wagtail 9 Flask-AppBuilder 8 Zope 8 aiohttp 8 numpy 8 aubio 8 pysaml2 7 matrix-sydent 7 pip 7 paddlepaddle 7 python-keystoneclient 7 swift 7 vantage6 7 lief 6 mailman 6 ipython 6 web2py 6 inventree 6 graphite-web 6 python-gnupg 6 jupyter-server 6 Zope2 6 lxml 6 apache-airflow-providers-apache-hive 6 zope 5 bleach 5 gradio 5 keylime 5 tuf 5 requests 5 feedparser 5 neutron 5 pgadmin4 5 sentry 5 Products.CMFPlone 5 pyspark 5 starlette 4 aws-iot-device-sdk-v2 4 awsiotsdk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 PyPDF2 4 Pygments 4 qutebrowser 4 reportlab 4 httpie 4 omero-web 4 Flask-Security-Too 4 scrapy 4 gerapy 4 Jinja2 4 bottle 4 label-studio 4 werkzeug 4 markdown2 4 FreeTAKServer-UI 4 nltk 4 horizon 4 saleor 4 nvflare 4 datasette 4 mitmproxy 3 cinder 3 keyring 3 ray 3 indy-node 3 rsa 3 paramiko 3 grpcio 3 grpc 3 io.grpc:grpc-protobuf 3 GitPython 3 localstack 3 pretix 3 wger 3 bitlyshortener 3 barbican 3 plone.app.theming 3 plone.supermodel 3 indico 3 plone.app.dexterity 3 plone.app.event 3 ujson 3 sickrage 3 Products.PluggableAuthService 3 ansible-runner 3 pyarrow 3 fava 3 yt-dlp 3 oauthenticator 3 pywasm3 3 ckan 3 roundup 3 quokka 3 poetry 3 Weblate 3 slixmpp 3 trytond 3 copyparty 3 django-helpdesk 3 mistune 3 flask 3 jupyterhub 3 torchserve 3 tripleo-heat-templates 3 apache-airflow-providers-apache-spark 3 Werkzeug 3 protobuf 3 ecdsa 3 nautobot 3 asyncua 3 moin 3 pyyaml 3 mayan-edms 3 redis 2 ubi-reader 2 certifi 2 apache-airflow-providers-apache-drill 2 kallithea 2 html5lib 2 github.com/protocolbuffers/protobuf 2 google/protobuf 2 Google.Protobuf 2 cabot 2 org.apache.spark:spark-core 2 pandasai 2 tornado 2 guarddog 2 openzeppelin-cairo-contracts 2 typed-ast 2 pyxdg 2 keystonemiddleware 2 Twisted 2 Products.CMFCore 2 distributed 2 py 2 org.apache.spark:spark-parent_2.12 2 apache-submarine 2 superset 2 binwalk 2 petl 2 plone.restapi 2 djblets 2 aws-encryption-sdk-cli 2 asyncssh 2 Radicale 2 scancodeio 2 untangle 2 markdown-it-py 2 apache-iotdb 2 aiohttp-session 2 CairoSVG 2 mercurial 2 pyjwt 2 apache-airflow-providers-google 2 apache-airflow-providers-apache-sqoop 2 flower 2 RestrictedPython 2 djangorestframework 2 autobahn 2 python-cjson 2 piccolo 2 Red-DiscordBot 2 red-arrow 2 logilab-common 2 websockets 2 ansible-core 2 django-sendfile2 2 python-ldap 2 safeurl-python 2 pretalx 2 pypdf 2 ctx 2 snowflake-connector-python 2 plone.app.contenttypes 2 setuptools 2 pytorch-lightning 2 buildbot 2 starkbank-ecdsa 2 simiki 2 FreeTAKServer 2 archivy 2 scout-browser 2 django-anymail 2 proteus 2 ryu 2 parlai 2 uvicorn 2 aws-encryption-sdk 2 django-unicorn 2 pikepdf 2 shuup 2 dompurify 2 pycrypto 2 bikeshed 2 wasm3 2 django-cms 2 mindsdb 2 python-libnmap 2 apache-airflow-providers-odbc 2 mako 2 in-toto 2 python-apt 2 webargs 2 tripleo-ansible 2 tlslite-ng 2 httplib2 2 pyopenssl 2 AccessControl 2 sqlparse 2 openapi-python-client 2 rpyc 2 sanic 2 wagtail-2fa 2 loguru 2 keycloak-httpd-client-install 2 SQLAlchemy 2 aioxmpp 2 streamlit 2 parso 1 elastic-apm 1 tortoise-orm 1 gitpython 1 easybuild-framework 1 tkvideoplayer 1 tendenci 1 IPython 1 phoenix-ws 1 archivebox 1 dtale 1 oauthlib 1 autogluon.multimodal 1 openssl-src 1 torch 1 feedgen 1 sqlfluff 1 jupyter-core 1 binderhub 1 tqdm 1 admesh 1 marcador 1 apache-airflow-providers-microsoft-mssql 1 django-grappelli 1 onefuzz 1 com.google.protobuf:protobuf-parent 1 coderedcms 1 ceilometer 1 Beaker 1 suds 1 mat2 1 hnswlib 1 com.google.protobuf:protobuf-java 1 sqla-yaml-fixtures 1 octoprint 1 zbar 1 python-docx 1 clickhouse-driver 1 django-mfa2 1 exotel 1 jefferson 1 python-swiftclient 1 pdm 1