Every CVE whose affected-product data names Matrix Synapse, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2019-18835 — CVSS 9.8 (critical): Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite…
CVE-2024-53863 — CVSS 9.1 (critical): Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a…
CVE-2018-16515 — CVSS 8.8 (high): Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper…
CVE-2019-11842 — CVSS 7.5 (high): An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it…
CVE-2019-5885 — CVSS 7.5 (high): Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a…
CVE-2020-26890 — CVSS 7.5 (high): Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events…
CVE-2018-10657 — CVSS 7.5 (high): Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms…
CVE-2018-12291 — CVSS 7.5 (high): The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events…
CVE-2018-12423 — CVSS 7.5 (high): In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
CVE-2021-41281 — CVSS 7.5 (high): Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media…
CVE-2024-37302 — CVSS 7.5 (high): Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated…
CVE-2024-52805 — CVSS 7.5 (high): Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations…
CVE-2025-30355 — CVSS 7.1 (high): Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse…
CVE-2021-21332 — CVSS 6.9 (medium): Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant…
CVE-2024-31208 — CVSS 6.5 (medium): Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before…
CVE-2022-31052 — CVSS 6.5 (medium): Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web…
CVE-2022-39374 — CVSS 6.5 (medium): Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are…
CVE-2022-41952 — CVSS 6.5 (medium): Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly…
CVE-2020-26257 — CVSS 6.5 (medium): Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A…
CVE-2022-31152 — CVSS 6.4 (medium): Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list…
CVE-2021-21392 — CVSS 6.3 (medium): Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant…
CVE-2021-21333 — CVSS 6.1 (medium): Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant…
CVE-2020-26891 — CVSS 6.1 (medium): AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows…
CVE-2023-32682 — CVSS 5.4 (medium): Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a…
CVE-2023-43796 — CVSS 5.3 (medium): Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be…
CVE-2024-52815 — CVSS 5.3 (medium): Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation…
CVE-2024-37303 — CVSS 5.3 (medium): Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger…
CVE-2021-21393 — CVSS 5.3 (medium): Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant…
CVE-2021-21394 — CVSS 5.3 (medium): Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant…
CVE-2023-32323 — CVSS 5.0 (medium): Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X…
CVE-2022-39335 — CVSS 5.0 (medium): Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote…
CVE-2023-45129 — CVSS 4.9 (medium): Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious…
CVE-2021-21274 — CVSS 4.3 (medium): Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant…
CVE-2023-41335 — CVSS 3.7 (low): Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new…
CVE-2021-29471 — CVSS 3.7 (low): Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant…
CVE-2023-32683 — CVSS 3.5 (low): Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the…
CVE-2021-39164 — CVSS 3.1 (low): Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access…
CVE-2023-42453 — CVSS 3.1 (low): Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for…
CVE-2021-39163 — CVSS 3.1 (low): Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access…
CVE-2021-21273 — CVSS 3.1 (low): Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant…