Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Security Advisories for matrix-synapse in pypi Clear Filters

High
5 months ago

Synapse vulnerable to federation denial of service via malformed events GSA_kwCzR0hTQS12NTZyLWh3djUtbXhnNs4ABGAZ

pypi matrix-synapse
Moderate
9 months ago

Synapse Matrix has a partial room state leak via Sliding Sync GSA_kwCzR0hTQS01Nnc0LTU1MzgtOHY4aM4ABCBE

pypi matrix-synapse
High
9 months ago

Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders GSA_kwCzR0hTQS12cDZ2LXdoZm0tcnYzZ84ABCBD

pypi matrix-synapse
High
9 months ago

Synapse allows a a malformed invite to break the invitee's `/sync` GSA_kwCzR0hTQS1mM3IzLWgybXEtaHgyaM4ABCBB

pypi matrix-synapse
High
9 months ago

Synapse allows unsupported content types to lead to memory exhaustion GSA_kwCzR0hTQS1yZnE4LWo3cmgtOGhmMs4ABCBA

pypi matrix-synapse
Moderate
9 months ago

Synapse's unauthenticated writes to the media repository allow planting of problematic content GSA_kwCzR0hTQS1namdyLTc4MzQtcmh4cs4ABCA_

pypi matrix-synapse
High
9 months ago

Synapse denial of service through media disk space consumption GSA_kwCzR0hTQS00bWhnLXh2NzMteHEyeM4ABCA-

pypi matrix-synapse
Moderate
over 1 year ago

Synapse V2 state resolution weakness allows Denial of Service (DoS) GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ

pypi matrix-synapse
Moderate
almost 2 years ago

Synapse vulnerable to leak of remote user device information GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206

pypi matrix-synapse
Moderate
almost 2 years ago

matrix-synapse vulnerable to denial of service due to malicious server ACL events GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1

pypi matrix-synapse
Moderate
almost 2 years ago

matrix-synapse vulnerable to improper validation of receipts allows forged read receipts GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2

pypi matrix-synapse
Low
almost 2 years ago

matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1

pypi matrix-synapse
Moderate
about 2 years ago

Synapse has URL deny list bypass via oEmbed and image URLs when generating previews GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1

pypi matrix-synapse
Moderate
about 2 years ago

Synapse has improper checks for deactivated users during login GSA_kwCzR0hTQS0yNmM1LXBwcjgtZjMzcM4AAzr0

pypi matrix-synapse
Moderate
about 2 years ago

Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites GSA_kwCzR0hTQS1mM3djLTN2eHYteG12cs4AAzdM

pypi matrix-synapse
High
about 2 years ago

Synapse Denial of service due to incorrect application of event authorization rules during state resolution GSA_kwCzR0hTQS1wOXFwLWM0NTItZjlyN84AAzdK

pypi matrix-synapse
High
about 2 years ago

Synapse does not apply enough checks to servers requesting auth events of events in a room GSA_kwCzR0hTQS00NWNqLWY5N2YtZ2d3ds4AAzdJ

pypi matrix-synapse
High
almost 3 years ago

Denial of service due to incorrect application of event authorization rules GSA_kwCzR0hTQS1qaGpoLTc3Nm0tNDc2Nc4AAujv

pypi matrix-synapse
High
about 3 years ago

URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv

pypi matrix-synapse
High
about 3 years ago

Improper Verification of Cryptographic Signature in matrix-synapse GSA_kwCzR0hTQS1jcHB3LTJtZjgtcXBtNc4AAq-J

pypi matrix-synapse
High
about 3 years ago

matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG GSA_kwCzR0hTQS1nd2Y3LXZmamYtd2Y2eM4AAgqX

pypi matrix-synapse, matrix-sydent
High
over 3 years ago

Matrix Synapse DoS GSA_kwCzR0hTQS12bWNjLTRwNHgteDd3Z84AAWzZ

pypi matrix-synapse
High
over 3 years ago

Matrix Synapse Improper Signature Validation GSA_kwCzR0hTQS1mbXZoLXJ2cTUtaGhqeM4AASvD

pypi matrix-synapse
High
over 3 years ago

Matrix Synapse Authorization Error GSA_kwCzR0hTQS1jaDV2LWZoZzgtN2d2Oc4AASpv

pypi matrix-synapse
High
over 3 years ago

Matrix Synapse Security Filtering Flaw GSA_kwCzR0hTQS12OHdtLWc5ZjIteGp2NM4AASqT

pypi matrix-synapse
High
over 3 years ago

Matrix Synapse Predictable Secret Key GSA_kwCzR0hTQS1qcnFtLXY4Y3YtNTN3d83vAg

pypi matrix-synapse
Moderate
over 3 years ago

Uncontrolled Resource Consumption in Matrix Synapse GSA_kwCzR0hTQS00ODIyLWp2d3gtdzQ3aM03pA

pypi matrix-synapse
High
over 3 years ago

Path traversal in Matrix Synapse GSA_kwCzR0hTQS0zaGZ3LXg3Z3gtNDM3Y80X4Q

pypi matrix-synapse
Low
almost 4 years ago

Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy

pypi matrix-synapse
Low
almost 4 years ago

Improper authorisation of members discloses room membership to non-members MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx

pypi matrix-synapse
Moderate
over 4 years ago

Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNXYtODV3OS1wcTZj

pypi matrix-synapse
Moderate
over 4 years ago

Denial of service attack via push rule patterns in matrix-synapse MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1

pypi matrix-synapse
High
over 4 years ago

Open redirect via transitional IPv6 addresses on dual-stack networks MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4

pypi matrix-synapse
Moderate
over 4 years ago

Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy

pypi matrix-synapse
Moderate
over 4 years ago

Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4

pypi matrix-synapse
Moderate
over 4 years ago

HTML injection in email and account expiry notifications MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt

pypi matrix-synapse
Moderate
over 4 years ago

Cross-site scripting (XSS) vulnerability in the password reset endpoint MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5

pypi matrix-synapse
Moderate
over 4 years ago

Denial of service attack via .well-known lookups MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3gtbWpybS12M2c4

pypi matrix-synapse
Moderate
over 4 years ago

Open redirects on some federation and push requests MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw

pypi matrix-synapse
High
over 4 years ago

Denial of service attack via incorrect parameters in Matrix Synapse MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t

pypi matrix-synapse
High
over 4 years ago

Denial of service attack due to invalid JSON MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm

pypi matrix-synapse
Moderate
almost 5 years ago

Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x

pypi matrix-synapse

Filter by Severity

Moderate 10,204 High 8,098 Critical 3,334 Low 1,468

Filter by Ecosystem

maven 6,768 packagist 5,381 pypi 4,875 npm 4,236 go 2,872 nuget 1,702 cargo 1,075 rubygems 928 hex 37 swift 36 actions 34 pub 10

Filter by Package

tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 Django 107 apache-airflow 85 Plone 72 salt 65 ansible 63 apache-superset 61 mlflow 53 nova 48 django 46 gradio 44 vyper 44 rdiffweb 42 matrix-synapse 42 plone 41 moin 35 keystone 32 opencv-python 31 opencv-contrib-python 31 Pillow 29 pillow 28 vllm 25 open-webui 25 pyload-ng 23 glance 21 langchain 20 aim 20 neutron 19 cobbler 18 mindsdb 18 mercurial 18 OctoPrint 17 cryptography 17 notebook 17 calibreweb 17 ethyca-fides 16 lollms 16 PaddlePaddle 16 paddlepaddle 16 transformers 16 aiohttp 15 litellm 14 pyftpdlib 14 modoboa 14 urllib3 14 vantage6 14 h2o 13 roundup 13 zenml 13 swift 12 nautobot 12 wagtail 12 mobsf 12 sentry 12 twisted 12 label-studio 11 horizon 11 onionshare-cli 11 trytond 11 pgadmin4 11 waitress 11 opencv-python-headless 10 opencv-contrib-python-headless 10 Flask-AppBuilder 10 pyspark 10 ai.h2o:h2o-core 9 cinder 9 lief 9 zope 9 ckan 9 kiwitcms 9 python-keystoneclient 9 ryu 9 agentscope 9 changedetection.io 8 bentoml 8 Zope2 8 aubio 8 dbgpt 8 ipython 8 tornado 8 llama-index 8 trac 8 Zope 8 numpy 8 picklescan 8 pip 7 web2py 7 inventree 7 pysaml2 7 requests 7 jupyter-server 7 matrix-sydent 7 executorch 7 copyparty 7 Products.CMFPlone 7 scrapy 7 tuf 6 torch 6 whoogle-search 6 OpenEXR 6 Moin 6 lxml 6 mailman 6 dtale 6 omero-web 6 llama-index-core 6 apache-iotdb 6 graphite-web 6 codechecker 6 torchserve 6 snowflake-connector-python 6 indico 6 yt-dlp 6 apache-airflow-providers-apache-hive 6 mage-ai 6 ansible-core 6 Mezzanine 6 Jinja2 6 mayan-edms 5 ait-core 5 grpc 5 oauthenticator 5 bleach 5 saleor 5 grpcio 5 nltk 5 paramiko 5 jupyterhub 5 keylime 5 langchain-community 5 pretix 5 onnx 5 fschat 5 python-gnupg 5 feedparser 5 composio-core 5 lmdb 5 Werkzeug 5 langchain-experimental 5 werkzeug 5 langflow 5 InvokeAI 4 qutebrowser 4 Scrapy 4 ray 4 setuptools 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 barbican 4 streampipes 4 weblate 4 Weblate 4 esphome 4 markdown2 4 reportlab 4 pandasai 4 flask 4 wasmtime 4 skops 4 httpie 4 bottle 4 FreeTAKServer-UI 4 MaterialX 4 GitPython 4 Flask-Security-Too 4 mitmproxy 4 jupyterlab 4 dbt-core 4 jwcrypto 4 buildbot 4 flask-cors 4 indy-node 4 pytorch-lightning 4 streamlit 4 protobuf 4 Keystone 4 frappe 4 homeassistant 4 awsiotsdk 4 django-helpdesk 4 tripleo-heat-templates 4 PyPDF2 4 koji 4 Pygments 4 RestrictedPython 4 Nova 4 aws-iot-device-sdk-v2 4 pywasm3 4 jinja2 4 Radicale 4 starlette 4 keras 4 apache-submarine 4 org.apache.streampipes:streampipes-parent 4 nvflare 4 pypdf 3 plone.supermodel 3 sanic 3

Filter by Repository

https://github.com/matrix-org/synapse 32 https://github.com/element-hq/synapse 8 https://github.com/matrix-org/matrix-doc 1