matrix-synapse
Homeserver for the Matrix decentralised comms protocol
Security Advisories for matrix-synapse in pypi
Moderate
15 days ago
Synapse's invalid device keys degrade federation functionality
pypi
matrix-synapse
High
7 months ago
Synapse vulnerable to federation denial of service via malformed events
pypi
matrix-synapse
Moderate
11 months ago
Synapse Matrix has a partial room state leak via Sliding Sync
pypi
matrix-synapse
High
11 months ago
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
pypi
matrix-synapse
High
11 months ago
Synapse allows a a malformed invite to break the invitee's `/sync`
pypi
matrix-synapse
High
11 months ago
Synapse allows unsupported content types to lead to memory exhaustion
pypi
matrix-synapse
Moderate
11 months ago
Synapse's unauthenticated writes to the media repository allow planting of problematic content
pypi
matrix-synapse
High
11 months ago
Synapse denial of service through media disk space consumption
pypi
matrix-synapse
Moderate
over 1 year ago
Synapse V2 state resolution weakness allows Denial of Service (DoS)
pypi
matrix-synapse
Moderate
almost 2 years ago
Synapse vulnerable to leak of remote user device information
pypi
matrix-synapse
Moderate
about 2 years ago
matrix-synapse vulnerable to denial of service due to malicious server ACL events
pypi
matrix-synapse
Moderate
about 2 years ago
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
pypi
matrix-synapse
Low
about 2 years ago
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
pypi
matrix-synapse
Moderate
over 2 years ago
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
pypi
matrix-synapse
Moderate
over 2 years ago
Synapse has improper checks for deactivated users during login
pypi
matrix-synapse
Moderate
over 2 years ago
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
pypi
matrix-synapse
High
over 2 years ago
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
pypi
matrix-synapse
High
over 2 years ago
Synapse does not apply enough checks to servers requesting auth events of events in a room
pypi
matrix-synapse
High
about 3 years ago
Denial of service due to incorrect application of event authorization rules
pypi
matrix-synapse
High
over 3 years ago
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
pypi
matrix-synapse
High
over 3 years ago
Improper Verification of Cryptographic Signature in matrix-synapse
pypi
matrix-synapse
High
over 3 years ago
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
pypi
matrix-synapse, matrix-sydent
Low
about 4 years ago
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
pypi
matrix-synapse
Low
about 4 years ago
Improper authorisation of members discloses room membership to non-members
pypi
matrix-synapse
Moderate
over 4 years ago
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
pypi
matrix-synapse
Moderate
over 4 years ago
Denial of service attack via push rule patterns in matrix-synapse
pypi
matrix-synapse
High
over 4 years ago
Open redirect via transitional IPv6 addresses on dual-stack networks
pypi
matrix-synapse
Moderate
over 4 years ago
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
pypi
matrix-synapse
Moderate
over 4 years ago
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
pypi
matrix-synapse
Moderate
over 4 years ago
HTML injection in email and account expiry notifications
pypi
matrix-synapse
Moderate
over 4 years ago
Cross-site scripting (XSS) vulnerability in the password reset endpoint
pypi
matrix-synapse
High
almost 5 years ago
Denial of service attack via incorrect parameters in Matrix Synapse
pypi
matrix-synapse
Moderate
about 5 years ago
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint
pypi
matrix-synapse