synapse — Vulnerabilities & Security Advisories 33

All 33 CVE vulnerabilities found in synapse, with AI-generated Chinese analysis, references, and POCs.

Vendor: matrix-org

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-61672 | Synapse: Invalid device keys degrade federation functionality | CWE-1287 | 6.5 (AI) | Medium (AI) | 2025-10-08 |
| CVE-2025-30355 | Synapse vulnerable to federation denial of service via malformed events | CWE-20 | 7.1 | High | 2025-03-27 |
| CVE-2024-37303 | Synapse unauthenticated writes to the media repository allow planting of problematic content | CWE-306 | 5.3 | Medium | 2024-12-03 |
| CVE-2024-37302 | Synapse denial of service through media disk space consumption | CWE-770 | 7.5 | High | 2024-12-03 |
| CVE-2024-52805 | Synapse allows unsupported content types to lead to memory exhaustion | CWE-770 | 7.5 | - | 2024-12-03 |
| CVE-2024-52815 | Synapse allows a malformed invite to break the invitee's `/sync` | CWE-20 | - | - | 2024-12-03 |
| CVE-2024-53867 | Synapse Matrix has a partial room state leak via Sliding Sync | CWE-497 | 4.3 | Medium | 2024-12-03 |
| CVE-2024-53863 | Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders | CWE-434 | 6.5 | - | 2024-12-03 |
| CVE-2024-31208 | Synapse's V2 state resolution weakness allows DoS from remote room members | CWE-770 | 6.5 | Medium | 2024-04-23 |
| CVE-2023-43796 | Synapse vulnerable to leak of remote user device information | CWE-200 | 5.3 | Medium | 2023-10-31 |
| CVE-2023-45129 | matrix-synapse vulnerable to denial of service due to malicious server ACL events | CWE-770 | 4.9 | Medium | 2023-10-10 |
| CVE-2023-41335 | Temporary storage of plaintext passwords during password changes in matrix synapse | CWE-312 | 3.7 | Low | 2023-09-26 |
| CVE-2023-42453 | Improper validation of receipts allows forged read receipts in matrix synapse | CWE-285 | 3.1 | Low | 2023-09-26 |
| CVE-2023-32683 | URL deny list bypass via oEmbed and image URLs when generating previews in Synapse | CWE-863 | 3.5 | Low | 2023-06-06 |
| CVE-2023-32682 | Improper checks for deactivated users during login in synapse | CWE-287 | 5.4 | Medium | 2023-06-06 |
| CVE-2022-39374 | Synapse Denial of service due to incorrect application of event authorization rules during state resolution | CWE-400 | 5.3 | - | 2023-05-26 |
| CVE-2022-39335 | Synapse does not apply enough checks to servers requesting auth events of events in a room | CWE-200 | 5.0 | Medium | 2023-05-26 |
| CVE-2023-32323 | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites | CWE-20 | 5.0 | Medium | 2023-05-26 |
| CVE-2022-41952 | Uncontrolled Resource Consumption in Matrix Synapse | CWE-400 | 6.5 | Medium | 2022-11-22 |
| CVE-2022-31152 | Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules | CWE-703 | 6.4 | Medium | 2022-09-02 |
| CVE-2022-31052 | URL previews can crash Synapse media repositories or Synapse monoliths | CWE-674 | 6.5 | Medium | 2022-06-28 |
| CVE-2021-41281 | Path traversal in Matrix Synapse | CWE-22 | 7.5 | High | 2021-11-23 |
| CVE-2021-39164 | Improper authorisation of /members discloses room membership to non-members | CWE-200 | 3.1 | Low | 2021-08-31 |
| CVE-2021-39163 | Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. | CWE-200 | 3.1 | Low | 2021-08-31 |
| CVE-2021-29471 | Denial of service in Matrix Synapse | CWE-400 | 3.7 | Low | 2021-05-11 |
| CVE-2021-21392 | Open redirect via transitional IPv6 addresses on dual-stack networks | CWE-601 | 6.3 | Medium | 2021-04-12 |
| CVE-2021-21393 | Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints | CWE-20 | 5.3 | Medium | 2021-04-12 |
| CVE-2021-21394 | Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints | CWE-20 | 5.3 | Medium | 2021-04-12 |
| CVE-2021-21333 | HTML injection in email and account expiry notifications | CWE-74 | 6.1 | Medium | 2021-03-26 |
| CVE-2021-21332 | Cross-site scripting (XSS) vulnerability in the password reset endpoint | CWE-79 | 6.9 | Medium | 2021-03-26 |

All 33 known CVE vulnerabilities affecting synapse with full Chinese analysis, references, and POCs where available.