matrix-synapse

UNKNOWN

PyPI

CVE-2019-5885

CVE-2019-5885

Mar 21, 2019

MEDIUM 5.5

PyPI

CVE-2026-45078

Synapse CPU starvation (Denial of Service)

May 14, 2026

UNKNOWN

PyPI

CVE-2026-45076

Synapse pagination Denial of Service

May 14, 2026

HIGH 7.5

PyPI

CVE-2024-37302

Synapse denial of service through media disk space consumption

Dec 3, 2024

MEDIUM 5.3

PyPI

CVE-2024-37303

Synapse's unauthenticated writes to the media repository allow planting of problematic content

Dec 3, 2024

LOW 2.7

PyPI

CVE-2026-45076

CVE-2026-45076

May 28, 2026

MEDIUM 5.5

PyPI

CVE-2026-45078

CVE-2026-45078

May 28, 2026

MEDIUM 5.3

PyPI

CVE-2024-37303

CVE-2024-37303

Dec 3, 2024

HIGH 7.5

PyPI

CVE-2024-37302

CVE-2024-37302

Dec 3, 2024

LOW 3.7

PyPI

CVE-2021-29471

Denial of service attack via push rule patterns in matrix-synapse

May 13, 2021

HIGH 7.5

PyPI

CVE-2021-41281

Path traversal in Matrix Synapse

Nov 23, 2021

MEDIUM 5.3

PyPI

CVE-2021-21393

Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints

Apr 13, 2021

MEDIUM 6.1

PyPI

CVE-2020-26891

Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint

Oct 16, 2020

LOW 3.1

PyPI

CVE-2021-21273

Open redirects on some federation and push requests

Feb 26, 2021

HIGH 7.5

PyPI

CVE-2020-26890

Denial of service attack due to invalid JSON

Nov 24, 2020

MEDIUM 6.3

PyPI

CVE-2021-21392

Open redirect via transitional IPv6 addresses on dual-stack networks

Apr 13, 2021

MEDIUM 4.3

PyPI

CVE-2021-21274

Denial of service attack via .well-known lookups

Mar 1, 2021

MEDIUM 6.9

PyPI

CVE-2021-21332

Cross-site scripting (XSS) vulnerability in the password reset endpoint

Mar 26, 2021

MEDIUM 6.1

PyPI

CVE-2021-21333

HTML injection in email and account expiry notifications

Mar 26, 2021

LOW 3.1

PyPI

CVE-2021-39163

Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.

Sep 1, 2021

LOW 3.1

PyPI

CVE-2021-39164

Improper authorisation of members discloses room membership to non-members

Sep 1, 2021

MEDIUM 5.3

PyPI

CVE-2021-21394

Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints

Apr 13, 2021

MEDIUM 6.5

PyPI

CVE-2020-26257

Denial of service attack via incorrect parameters in Matrix Synapse

Dec 9, 2020

UNKNOWN

PyPI

CVE-2021-41281

CVE-2021-41281

Nov 23, 2021

UNKNOWN

PyPI

CVE-2021-39164

CVE-2021-39164

Aug 31, 2021

UNKNOWN

PyPI

CVE-2021-39163

CVE-2021-39163

Aug 31, 2021

HIGH 7.1

PyPI

CVE-2025-30355

Synapse vulnerable to federation denial of service via malformed events

Mar 27, 2025

UNKNOWN

PyPI

CVE-2025-61672

Synapse's invalid device keys degrade federation functionality

Oct 8, 2025

HIGH 8.6

PyPI

CVE-2019-18835

Improper Verification of Cryptographic Signature in matrix-synapse

May 24, 2022

MEDIUM 5.3

PyPI

CVE-2023-43796

Synapse vulnerable to leak of remote user device information

Oct 31, 2023

MEDIUM 5.0

PyPI

CVE-2023-32323

Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites

May 24, 2023

MEDIUM 4.3

PyPI

CVE-2024-53867

Synapse Matrix has a partial room state leak via Sliding Sync

Dec 3, 2024

UNKNOWN

PyPI

CVE-2024-53863

Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders

Dec 3, 2024

UNKNOWN

PyPI

CVE-2024-52815

Synapse allows a a malformed invite to break the invitee's `/sync`

Dec 3, 2024

UNKNOWN

PyPI

CVE-2024-52805

Synapse allows unsupported content types to lead to memory exhaustion

Dec 3, 2024

UNKNOWN

PyPI

GHSA-7h5v-85w9-pq6c

Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint

May 19, 2021

LOW 3.5

PyPI

CVE-2023-32683

Synapse has URL deny list bypass via oEmbed and image URLs when generating previews

Jun 6, 2023

LOW 3.7

PyPI

CVE-2023-41335

matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes

Sep 26, 2023

HIGH 7.5

PyPI

CVE-2022-31152

Denial of service due to incorrect application of event authorization rules

Aug 31, 2022

MEDIUM 6.5

PyPI

CVE-2022-39374

Synapse Denial of service due to incorrect application of event authorization rules during state resolution

May 24, 2023

HIGH 7.5

PyPI

CVE-2019-11842

matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG

May 24, 2022

MEDIUM 6.5

PyPI

CVE-2022-31052

URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths

Jun 29, 2022

MEDIUM 5.0

PyPI

CVE-2022-39335

Synapse does not apply enough checks to servers requesting auth events of events in a room

May 24, 2023

LOW 3.1

PyPI

CVE-2023-42453

matrix-synapse vulnerable to improper validation of receipts allows forged read receipts

Sep 26, 2023

MEDIUM 4.9

PyPI

CVE-2023-45129

matrix-synapse vulnerable to denial of service due to malicious server ACL events

Oct 10, 2023

MEDIUM 5.4

PyPI

CVE-2023-32682

Synapse has improper checks for deactivated users during login

Jun 6, 2023

HIGH 7.5

PyPI

CVE-2019-5885

Matrix Synapse Predictable Secret Key

May 13, 2022

MEDIUM 6.5

PyPI

CVE-2024-31208

Synapse V2 state resolution weakness allows Denial of Service (DoS)

Apr 23, 2024

UNKNOWN

PyPI

CVE-2024-31208

CVE-2024-31208

Apr 23, 2024

MEDIUM 5.3

PyPI

CVE-2022-41952

Uncontrolled Resource Consumption in Matrix Synapse

Apr 1, 2022

MEDIUM 5.3

PyPI

CVE-2023-43796

CVE-2023-43796

Oct 31, 2023

MEDIUM 4.9

PyPI

CVE-2023-45129

CVE-2023-45129

Oct 10, 2023

MEDIUM 4.3

PyPI

CVE-2023-42453

CVE-2023-42453

Sep 27, 2023

LOW 3.7

PyPI

CVE-2023-41335

CVE-2023-41335

Sep 27, 2023

UNKNOWN

PyPI

CVE-2023-32683

CVE-2023-32683

Jun 6, 2023

UNKNOWN

PyPI

CVE-2023-32682

CVE-2023-32682

Jun 6, 2023

UNKNOWN

PyPI

CVE-2023-32323

CVE-2023-32323

May 26, 2023

UNKNOWN

PyPI

CVE-2022-39374

CVE-2022-39374

May 26, 2023

UNKNOWN

PyPI

CVE-2022-39335

CVE-2022-39335

May 26, 2023

UNKNOWN

PyPI

CVE-2022-31152

CVE-2022-31152

Sep 2, 2022

UNKNOWN

PyPI

CVE-2022-31052

CVE-2022-31052

Jun 28, 2022

UNKNOWN

PyPI

CVE-2021-29471

CVE-2021-29471

May 11, 2021

UNKNOWN

PyPI

CVE-2021-21394

CVE-2021-21394

Apr 12, 2021

UNKNOWN

PyPI

CVE-2021-21393

CVE-2021-21393

Apr 12, 2021

UNKNOWN

PyPI

CVE-2021-21392

CVE-2021-21392

Apr 12, 2021

UNKNOWN

PyPI

CVE-2021-21333

CVE-2021-21333

Mar 26, 2021

UNKNOWN

PyPI

CVE-2021-21332

CVE-2021-21332

Mar 26, 2021

UNKNOWN

PyPI

CVE-2021-21274

CVE-2021-21274

Feb 26, 2021

UNKNOWN

PyPI

CVE-2021-21273

CVE-2021-21273

Feb 26, 2021

UNKNOWN

PyPI

CVE-2020-26891

CVE-2020-26891

Oct 19, 2020

UNKNOWN

PyPI

CVE-2020-26890

CVE-2020-26890

Nov 24, 2020

UNKNOWN

PyPI

CVE-2020-26257

CVE-2020-26257

Dec 9, 2020

UNKNOWN

PyPI

CVE-2019-18835

CVE-2019-18835

Nov 8, 2019

UNKNOWN

PyPI

CVE-2019-11842

CVE-2019-11842

May 9, 2019

HIGH 8.8

PyPI

CVE-2018-16515

Matrix Synapse Improper Signature Validation

May 13, 2022

HIGH 7.5

PyPI

CVE-2018-12423

Matrix Synapse Authorization Error

May 13, 2022

HIGH 7.5

PyPI

CVE-2018-12291

Matrix Synapse Security Filtering Flaw

May 13, 2022

HIGH 7.5

PyPI

CVE-2018-10657

Matrix Synapse DoS

May 14, 2022