MEDIUM 6.5 PyPI
GHSA-22p3-qrh9-cx32 · CVE-2022-31052, PYSEC-2022-224 URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Modified: 9/30/2024
package
PyPI / matrix-synapse
pkg:pypi/matrix-synapse
MEDIUM 6.9 PyPI
GHSA-246w-56m2-5899 · CVE-2021-21332, PYSEC-2021-133 Cross-site scripting (XSS) vulnerability in the password reset endpoint
Modified: 3/13/2026
MEDIUM 5.4 PyPI
GHSA-26c5-ppr8-f33p · CVE-2023-32682, PYSEC-2023-84 Synapse has improper checks for deactivated users during login
Modified: 9/24/2024
MEDIUM 4.3 PyPI
GHSA-2hwx-mjrm-v3g8 · CVE-2021-21274, PYSEC-2021-132 Denial of service attack via .well-known lookups
Modified: 3/13/2026
MEDIUM 6.5 PyPI
GHSA-3h7q-rfh9-xm4v · CVE-2024-31208, PYSEC-2024-50 Synapse V2 state resolution weakness allows Denial of Service (DoS)
Modified: 5/3/2024
HIGH 7.5 PyPI
GHSA-3hfw-x7gx-437c · CVE-2021-41281, PYSEC-2021-436 Path traversal in Matrix Synapse
Modified: 3/13/2026
LOW 3.1 PyPI
GHSA-3x4c-pq33-4w3q · CVE-2021-39164, PYSEC-2021-425 Improper authorisation of members discloses room membership to non-members
Modified: 3/13/2026
MEDIUM 6.1 PyPI
GHSA-3x8c-fmpc-5rmq · CVE-2020-26891, PYSEC-2020-238 Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint
Modified: 3/13/2026
MEDIUM 5.0 PyPI
GHSA-45cj-f97f-ggwv · CVE-2022-39335, PYSEC-2023-65 Synapse does not apply enough checks to servers requesting auth events of events in a room
Modified: 9/24/2024
MEDIUM 5.3 PyPI
GHSA-4822-jvwx-w47h · CVE-2022-41952 Uncontrolled Resource Consumption in Matrix Synapse
Modified: 2/16/2024
LOW 3.7 PyPI
GHSA-4f74-84v3-j9q5 · CVE-2023-41335, PYSEC-2023-185 matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Modified: 9/30/2024
HIGH 7.5 PyPI
GHSA-4mhg-xv73-xq2x · CVE-2024-37302, PYSEC-2024-286 Synapse denial of service through media disk space consumption
Modified: 5/20/2026
HIGH 7.5 PyPI
GHSA-4mp3-385r-v63f · CVE-2020-26890, PYSEC-2020-237 Denial of service attack due to invalid JSON
Modified: 3/13/2026
MEDIUM 4.3 PyPI
GHSA-56w4-5538-8v8h · CVE-2024-53867 Synapse Matrix has a partial room state leak via Sliding Sync
Modified: 12/3/2024
MEDIUM 4.9 PyPI
GHSA-5chr-wjw5-3gq4 · CVE-2023-45129, PYSEC-2023-199 matrix-synapse vulnerable to denial of service due to malicious server ACL events
Modified: 9/24/2024
MEDIUM 6.3 PyPI
GHSA-5wrh-4jwv-5w78 · CVE-2021-21392, PYSEC-2021-25 Open redirect via transitional IPv6 addresses on dual-stack networks
Modified: 3/13/2026
MEDIUM PyPI
GHSA-6qf2-7x63-mm6v · CVE-2026-45076 Synapse pagination Denial of Service
Modified: 5/23/2026
LOW 3.1 PyPI
GHSA-7565-cq32-vx2x · CVE-2023-42453, PYSEC-2023-180 matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Modified: 9/24/2024
MEDIUM PyPI
GHSA-7h5v-85w9-pq6c Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Modified: 12/2/2024
HIGH PyPI
GHSA-8q93-326v-3m7g · CVE-2026-45078 Synapse CPU starvation (Denial of Service)
Modified: 5/23/2026
LOW 3.5 PyPI
GHSA-98px-6486-j7qc · CVE-2023-32683, PYSEC-2023-85 Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Modified: 9/30/2024
MEDIUM 6.1 PyPI
GHSA-c5f8-35qr-q4fm · CVE-2021-21333, PYSEC-2021-134 HTML injection in email and account expiry notifications
Modified: 3/13/2026
HIGH 7.5 PyPI
GHSA-ch5v-fhg8-7gv9 · CVE-2018-12423 Matrix Synapse Authorization Error
Modified: 11/8/2023
HIGH 8.6 PyPI
GHSA-cppw-2mf8-qpm5 · CVE-2019-18835, PYSEC-2019-186 Improper Verification of Cryptographic Signature in matrix-synapse
Modified: 2/15/2025
HIGH PyPI
GHSA-f3r3-h2mq-hx2h · CVE-2024-52815 Synapse allows a a malformed invite to break the invitee's `/sync`
Modified: 12/3/2024
MEDIUM 5.0 PyPI
GHSA-f3wc-3vxv-xmvr · CVE-2023-32323, PYSEC-2023-67 Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Modified: 2/13/2025
MEDIUM PyPI
GHSA-fh66-fcv5-jjfr · CVE-2025-61672 Synapse's invalid device keys degrade federation functionality
Modified: 10/8/2025
HIGH 8.8 PyPI
GHSA-fmvh-rvq5-hhjx · CVE-2018-16515 Matrix Synapse Improper Signature Validation
Modified: 11/8/2023
MEDIUM 5.3 PyPI
GHSA-gjgr-7834-rhxr · CVE-2024-37303, PYSEC-2024-287 Synapse's unauthenticated writes to the media repository allow planting of problematic content
Modified: 5/20/2026
HIGH 7.5 PyPI
GHSA-gwf7-vfjf-wf6x · CVE-2019-11842, PYSEC-2019-185 matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
Modified: 9/30/2024
MEDIUM 6.5 PyPI
GHSA-hxmp-pqch-c8mm · CVE-2020-26257, PYSEC-2020-236 Denial of service attack via incorrect parameters in Matrix Synapse
Modified: 3/13/2026
HIGH 7.5 PyPI
GHSA-jhjh-776m-4765 · CVE-2022-31152, PYSEC-2022-262 Denial of service due to incorrect application of event authorization rules
Modified: 9/30/2024
LOW 3.1 PyPI
GHSA-jj53-8fmw-f2w2 · CVE-2021-39163, PYSEC-2021-424 Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Modified: 3/13/2026
MEDIUM 5.3 PyPI
GHSA-jrh7-mhhx-6h88 · CVE-2021-21393, PYSEC-2021-26 Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Modified: 3/13/2026
HIGH 7.5 PyPI
GHSA-jrqm-v8cv-53ww · CVE-2019-5885, PYSEC-2019-187 Matrix Synapse Predictable Secret Key
Modified: 9/24/2024
MEDIUM 5.3 PyPI
GHSA-mp92-3jfm-3575 · CVE-2023-43796, PYSEC-2023-230 Synapse vulnerable to leak of remote user device information
Modified: 2/13/2025
MEDIUM 6.5 PyPI
GHSA-p9qp-c452-f9r7 · CVE-2022-39374, PYSEC-2023-66 Synapse Denial of service due to incorrect application of event authorization rules during state resolution
Modified: 9/30/2024
HIGH PyPI
GHSA-rfq8-j7rh-8hf2 · CVE-2024-52805 Synapse allows unsupported content types to lead to memory exhaustion
Modified: 12/3/2024
HIGH 7.1 PyPI
GHSA-v56r-hwv5-mxg6 · CVE-2025-30355 Synapse vulnerable to federation denial of service via malformed events
Modified: 10/24/2025
HIGH 7.5 PyPI
GHSA-v8wm-g9f2-xjv4 · CVE-2018-12291 Matrix Synapse Security Filtering Flaw
Modified: 11/8/2023
LOW 3.1 PyPI
GHSA-v936-j8gp-9q3p · CVE-2021-21273, PYSEC-2021-131 Open redirects on some federation and push requests
Modified: 3/13/2026
HIGH 7.5 PyPI
GHSA-vmcc-4p4x-x7wg · CVE-2018-10657 Matrix Synapse DoS
Modified: 11/8/2023
HIGH PyPI
GHSA-vp6v-whfm-rv3g · CVE-2024-53863 Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
Modified: 12/3/2024
MEDIUM 5.3 PyPI
GHSA-w9fg-xffh-p362 · CVE-2021-21394, PYSEC-2021-27 Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Modified: 3/13/2026
LOW 3.7 PyPI
GHSA-x345-32rc-8h85 · CVE-2021-29471, PYSEC-2021-135 Denial of service attack via push rule patterns in matrix-synapse
Modified: 3/13/2026
— PyPI
PYSEC-2019-185 · CVE-2019-11842, GHSA-gwf7-vfjf-wf6x Modified: 11/8/2023
— PyPI
PYSEC-2019-186 · CVE-2019-18835, GHSA-cppw-2mf8-qpm5 Modified: 11/8/2023
— PyPI
PYSEC-2019-187 · CVE-2019-5885, GHSA-jrqm-v8cv-53ww Modified: 11/8/2023
— PyPI
PYSEC-2020-236 · CVE-2020-26257, GHSA-hxmp-pqch-c8mm Modified: 11/8/2023
— PyPI
PYSEC-2020-237 · CVE-2020-26890, GHSA-4mp3-385r-v63f Modified: 11/8/2023
— PyPI
PYSEC-2020-238 · CVE-2020-26891, GHSA-3x8c-fmpc-5rmq Modified: 11/8/2023
— PyPI
PYSEC-2021-131 · CVE-2021-21273, GHSA-v936-j8gp-9q3p Modified: 11/8/2023
— PyPI
PYSEC-2021-132 · CVE-2021-21274, GHSA-2hwx-mjrm-v3g8 Modified: 11/8/2023
— PyPI
PYSEC-2021-133 · CVE-2021-21332, GHSA-246w-56m2-5899 Modified: 11/8/2023
— PyPI
PYSEC-2021-134 · CVE-2021-21333, GHSA-c5f8-35qr-q4fm Modified: 11/8/2023
— PyPI
PYSEC-2021-135 · CVE-2021-29471, GHSA-x345-32rc-8h85 Modified: 11/8/2023
— PyPI
PYSEC-2021-25 · CVE-2021-21392, GHSA-5wrh-4jwv-5w78 Modified: 11/8/2023
— PyPI
PYSEC-2021-26 · CVE-2021-21393, GHSA-jrh7-mhhx-6h88 Modified: 11/8/2023
— PyPI
PYSEC-2021-27 · CVE-2021-21394, GHSA-w9fg-xffh-p362 Modified: 11/8/2023
— PyPI
PYSEC-2021-424 · CVE-2021-39163, GHSA-jj53-8fmw-f2w2 Modified: 2/26/2026
— PyPI
PYSEC-2021-425 · CVE-2021-39164, GHSA-3x4c-pq33-4w3q Modified: 2/26/2026
— PyPI
PYSEC-2021-436 · CVE-2021-41281, GHSA-3hfw-x7gx-437c Modified: 2/26/2026
— PyPI
PYSEC-2022-224 · CVE-2022-31052, GHSA-22p3-qrh9-cx32 Modified: 11/8/2023
— PyPI
PYSEC-2022-262 · CVE-2022-31152, GHSA-jhjh-776m-4765 Modified: 11/8/2023
MEDIUM 4.3 PyPI
PYSEC-2023-180 · CVE-2023-42453, GHSA-7565-cq32-vx2x Modified: 11/8/2023
LOW 3.7 PyPI
PYSEC-2023-185 · CVE-2023-41335, GHSA-4f74-84v3-j9q5 Modified: 11/8/2023
MEDIUM 4.9 PyPI
PYSEC-2023-199 · CVE-2023-45129, GHSA-5chr-wjw5-3gq4 Modified: 11/8/2023
MEDIUM 5.3 PyPI
PYSEC-2023-230 · CVE-2023-43796, GHSA-mp92-3jfm-3575 Modified: 11/8/2023
— PyPI
PYSEC-2023-65 · CVE-2022-39335, GHSA-45cj-f97f-ggwv Modified: 11/8/2023
— PyPI
PYSEC-2023-66 · CVE-2022-39374, GHSA-p9qp-c452-f9r7 Modified: 11/8/2023
— PyPI
PYSEC-2023-67 · CVE-2023-32323, GHSA-f3wc-3vxv-xmvr Modified: 11/8/2023
— PyPI
PYSEC-2023-84 · CVE-2023-32682, GHSA-26c5-ppr8-f33p Modified: 11/8/2023
— PyPI
PYSEC-2023-85 · CVE-2023-32683, GHSA-98px-6486-j7qc Modified: 11/8/2023
HIGH 7.5 PyPI
PYSEC-2024-286 · CVE-2024-37302, GHSA-4mhg-xv73-xq2x Modified: 5/20/2026
MEDIUM 5.3 PyPI
PYSEC-2024-287 · CVE-2024-37303, GHSA-gjgr-7834-rhxr Modified: 5/20/2026
— PyPI
PYSEC-2024-50 · CVE-2024-31208, GHSA-3h7q-rfh9-xm4v Modified: 4/23/2024