Homepage

matrix-synapse vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the matrix-synapse package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
Missing Authentication for Critical Function

<1.116.0-1
  • L
Allocation of Resources Without Limits or Throttling

<1.116.0-1
  • L
Allocation of Resources Without Limits or Throttling

<1.121.0-1
  • L
Improper Input Validation

<1.121.0-1
  • L
Unrestricted Upload of File with Dangerous Type

<1.121.0-1
  • L
Exposure of System Data to an Unauthorized Control Sphere

<1.121.0-1
  • L
CVE-2024-31208

<1.103.0-2
  • M
CVE-2023-43796

<1.95.1-1
  • M
Allocation of Resources Without Limits or Throttling

<1.94.0-1
  • M
Improper Authorization

<1.93.0-1
  • L
Cleartext Storage of Sensitive Information

<1.93.0-1
  • M
Improper Authentication

<1.90.0-1
  • M
Incorrect Authorization

<1.90.0-1
  • M
Information Exposure

<1.69.0-1
  • M
Improper Input Validation

<1.74.0-1
  • M
Resource Exhaustion

<1.68.0-1
  • M
Missing Release of Resource after Effective Lifetime

<1.53.0-1
  • H
Improper Handling of Exceptional Conditions

<1.63.0-1
  • M
Uncontrolled Recursion

<1.61.1-1
  • H
Directory Traversal

<1.47.1-1
  • L
Information Exposure

<1.41.1-1
  • L
Information Exposure

<1.41.1-1
  • M
Resource Exhaustion

<1.33.2-1
  • M
Improper Input Validation

<1.28.0-1
  • M
Improper Input Validation

<1.28.0-1
  • M
Open Redirect

<1.28.0-1
  • H
Cross-site Scripting (XSS)

<1.27.0-1
  • M
Arbitrary Code Injection

<1.27.0-1
  • M
Resource Exhaustion

<1.25.0-1
  • M
Open Redirect

<1.25.0-1
  • M
Resource Exhaustion

<1.24.0-1
  • H
Arbitrary Code Injection

<1.20.0-1
  • M
Cross-site Scripting (XSS)

<1.21.1-1
  • C
Insufficient Verification of Data Authenticity

<1.5.0-1
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<0.99.2-5
  • H
Key Management Errors

<0.34.1.1-1
  • H
Improper Verification of Cryptographic Signature

<0.33.3.1-1
  • H
CVE-2018-12423

<0.31.2+dfsg-1
  • H
CVE-2018-12291

<0.31.1+dfsg-1
  • H
Improper Input Validation

<0.28.1+dfsg-1