Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi matrix-synapse Security Advisories
Browse all Security Advisories for pypi matrix-synapse
Loading...
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 7 months ago
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device informationEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 year ago
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL eventsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 1 year ago
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receiptsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 1 year ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: over 1 year ago
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previewsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: over 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
GSA_kwCzR0hTQS0yNmM1LXBwcjgtZjMzcM4AAzr0
Synapse has improper checks for deactivated users during loginEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: over 1 year ago
GSA_kwCzR0hTQS1mM3djLTN2eHYteG12cs4AAzdM
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invitesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
GSA_kwCzR0hTQS1wOXFwLWM0NTItZjlyN84AAzdK
Synapse Denial of service due to incorrect application of event authorization rules during state resolutionEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: over 1 year ago
GSA_kwCzR0hTQS00NWNqLWY5N2YtZ2d3ds4AAzdJ
Synapse does not apply enough checks to servers requesting auth events of events in a roomEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: over 1 year ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
GSA_kwCzR0hTQS1qaGpoLTc3Nm0tNDc2Nc4AAujv
Denial of service due to incorrect application of event authorization rulesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monolithsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: over 2 years ago
GSA_kwCzR0hTQS1jcHB3LTJtZjgtcXBtNc4AAq-J
Improper Verification of Cryptographic Signature in matrix-synapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
GSA_kwCzR0hTQS1nd2Y3LXZmamYtd2Y2eM4AAgqX
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNGEcosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
GSA_kwCzR0hTQS12bWNjLTRwNHgteDd3Z84AAWzZ
Matrix Synapse DoSEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 2 years ago
GSA_kwCzR0hTQS1mbXZoLXJ2cTUtaGhqeM4AASvD
Matrix Synapse Improper Signature ValidationEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
GSA_kwCzR0hTQS1jaDV2LWZoZzgtN2d2Oc4AASpv
Matrix Synapse Authorization ErrorEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
GSA_kwCzR0hTQS12OHdtLWc5ZjIteGp2NM4AASqT
Matrix Synapse Security Filtering FlawEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
GSA_kwCzR0hTQS1qcnFtLXY4Y3YtNTN3d83vAg
Matrix Synapse Predictable Secret KeyEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
GSA_kwCzR0hTQS00ODIyLWp2d3gtdzQ3aM03pA
Uncontrolled Resource Consumption in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 3 years ago
GSA_kwCzR0hTQS0zaGZ3LXg3Z3gtNDM3Y80X4Q
Path traversal in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 3 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx
Improper authorisation of members discloses room membership to non-membersEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNXYtODV3OS1wcTZj
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1
Denial of service attack via push rule patterns in matrix-synapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 3 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4
Open redirect via transitional IPv6 addresses on dual-stack networksEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpointsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpointsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt
HTML injection in email and account expiry notificationsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3gtbWpybS12M2c4
Denial of service attack via .well-known lookupsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 3 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requestsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix SynapseEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 4 years ago
High
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm
Denial of service attack due to invalid JSONEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 4 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x
Cross-site scripting (XSS) vulnerability in the fallback authentication endpointEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 4 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 4
Ecosystems: 12
Packages: 9,040
Repositories: 4
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
tensorflow
433
tensorflow-gpu
427
tensorflow-cpu
423
Django
100
apache-airflow
85
Plone
72
ansible
63
salt
56
apache-superset
51
nova
47
mlflow
46
django
44
rdiffweb
42
plone
41
vyper
38
matrix-synapse
35
moin
35
gradio
34
Pillow
31
opencv-contrib-python
31
opencv-python
31
keystone
31
pillow
26
langchain
20
glance
20
cobbler
18
mindsdb
18
mercurial
18
notebook
17
cryptography
16
neutron
16
pyload-ng
16
paddlepaddle
16
PaddlePaddle
16
ethyca-fides
15
calibreweb
15
OctoPrint
15
aiohttp
14
lollms
14
pyftpdlib
14
modoboa
14
vantage6
13
urllib3
12
twisted
12
roundup
12
swift
12
wagtail
12
zenml
12
waitress
11
trytond
11
horizon
11
onionshare-cli
11
sentry
10
Flask-AppBuilder
10
opencv-contrib-python-headless
10
opencv-python-headless
10
nautobot
10
kiwitcms
9
pyspark
9
python-keystoneclient
9
ryu
9
cinder
9
zope
9
trac
8
pgadmin4
8
ckan
8
numpy
8
litellm
8
label-studio
8
aubio
8
ipython
8
Zope
8
matrix-sydent
7
pip
7
pysaml2
7
lief
7
Products.CMFPlone
7
scrapy
7
jupyter-server
7
inventree
7
requests
6
tuf
6
aim
6
mailman
6
mage-ai
6
changedetection.io
6
graphite-web
6
apache-airflow-providers-apache-hive
6
ansible-core
6
lxml
6
yt-dlp
6
web2py
6
Moin
6
Zope2
6
tornado
6
jupyterhub
5
dtale
5
lmdb
5
python-gnupg
5
ait-core
5
Jinja2
5
werkzeug
5
Werkzeug
5
torchserve
5
oauthenticator
5
whoogle-search
5
langchain-experimental
5
pretix
5
bleach
5
feedparser
5
grpcio
5
grpc
5
nltk
5
omero-web
5
paramiko
5
saleor
5
GitPython
4
buildbot
4
dbt-core
4
PyPDF2
4
codechecker
4
FreeTAKServer-UI
4
langchain-community
4
transformers
4
Nova
4
barbican
4
Flask-Security-Too
4
pywasm3
4
Keystone
4
nvflare
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
wasmtime
4
aws-iot-device-sdk-v2
4
bottle
4
awsiotsdk
4
markdown2
4
open-webui
4
tripleo-heat-templates
4
streamlit
4
onnx
4
langflow
4
indico
4
apache-submarine
4
Pygments
4
reportlab
4
Weblate
4
qutebrowser
4
Radicale
4
httpie
4
esphome
4
mobsf
4
apache-iotdb
4
keylime
4
Scrapy
4
jwcrypto
4
indy-node
4
jupyterlab
4
sickrage
3
python-jose
3
Mezzanine
3
localstack
3
poetry
3
sosreport
3
homeassistant
3
Products.PluggableAuthService
3
ujson
3
wasmtime
3
Kallithea
3
apache-airflow-providers-apache-spark
3
openc3
3
openc3
3
anki
3
datasette
3
jupyter-server-proxy
3
ray
3
Red-DiscordBot
3
bitlyshortener
3
scikit-learn
3
pyyaml
3
django-tinymce
3
llama-index
3
TinyMCE
3
tinymce/tinymce
3
tinymce
3
asyncssh
3
io.grpc:grpc-protobuf
3
AccessControl
3
rsa
3
openvpn-monitor
3
Twisted
3
gerapy
3
slixmpp
3
octavia
3
openstack-heat
3
starlette
3
protobuf
3
ansible-runner
3
django-cms
3
certifi
3
pyarrow
3