matrix-org — Vulnerabilities & Security Advisories 80

Browse all 80 CVE security advisories affecting matrix-org. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-38690 | matrix-appservice-irc IRC command injection via admin commands containing newlines | matrix-appservice-irc | CWE-20 | 5.8 | Medium | 2023-08-04 |
| CVE-2023-38686 | Sydent does not verify email server certificates | sydent | CWE-295 | 9.3 | Critical | 2023-08-04 |
| CVE-2023-37259 | Cross site scripting in Export Chat feature | matrix-react-sdk | CWE-79 | 6.1 | Medium | 2023-07-18 |
| CVE-2023-32683 | URL deny list bypass via oEmbed and image URLs when generating previews in Synapse | synapse | CWE-863 | 3.5 | Low | 2023-06-06 |
| CVE-2023-32682 | Improper checks for deactivated users during login in synapse | synapse | CWE-287 | 5.4 | Medium | 2023-06-06 |
| CVE-2022-39374 | Synapse Denial of service due to incorrect application of event authorization rules during state resolution | synapse | CWE-400 | 5.3 | - | 2023-05-26 |
| CVE-2022-39335 | Synapse does not apply enough checks to servers requesting auth events of events in a room | synapse | CWE-200 | 5.0 | Medium | 2023-05-26 |
| CVE-2023-32323 | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites | synapse | CWE-20 | 5.0 | Medium | 2023-05-26 |
| CVE-2023-30609 | matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting | matrix-react-sdk | CWE-74 | 5.4 | Medium | 2023-04-25 |
| CVE-2023-29529 | matrix-js-sdk vulnerable to invisible eavesdropping in group calls | matrix-js-sdk | CWE-862 | 5.0 | Medium | 2023-04-14 |
| CVE-2022-36060 | Prototype pollution in matrix-react-sdk | matrix-react-sdk | CWE-1321 | 8.2 | High | 2023-03-28 |
| CVE-2023-28103 | Prototype pollution in matrix-react-sdk | matrix-react-sdk | CWE-1321 | 8.2 | High | 2023-03-28 |
| CVE-2023-28427 | Prototype pollution in matrix-js-sdk | matrix-js-sdk | CWE-1321 | 8.2 | High | 2023-03-28 |
| CVE-2022-36059 | Prototype pollution in matrix-js-sdk | matrix-js-sdk | CWE-1321 | 8.2 | High | 2023-03-28 |
| CVE-2022-41952 | Uncontrolled Resource Consumption in Matrix Synapse | synapse | CWE-400 | 6.5 | Medium | 2022-11-22 |
| CVE-2022-39252 | When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder | matrix-rust-sdk | CWE-322 | 8.6 | High | 2022-09-29 |
| CVE-2022-39250 | Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification | matrix-js-sdk | CWE-322 | 8.6 | High | 2022-09-29 |
| CVE-2022-39257 | Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions | matrix-ios-sdk | CWE-322 | 7.5 | High | 2022-09-28 |
| CVE-2022-39255 | Matrix iOS SDK vulnerable to Olm/Megolm protocol confusion | matrix-ios-sdk | CWE-322 | 8.6 | High | 2022-09-28 |
| CVE-2022-39248 | matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion | matrix-android-sdk2 | CWE-322 | 8.6 | High | 2022-09-28 |
| CVE-2022-39246 | matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions | matrix-android-sdk2 | CWE-322 | 7.5 | High | 2022-09-28 |
| CVE-2022-39249 | Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions | matrix-js-sdk | CWE-322 | 7.5 | High | 2022-09-28 |
| CVE-2022-39251 | Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion | matrix-js-sdk | CWE-322 | 8.6 | High | 2022-09-28 |
| CVE-2022-39236 | Matrix Javascript SDK improper beacon events can cause availability issues | matrix-js-sdk | CWE-20 | 4.3 | Medium | 2022-09-28 |
| CVE-2022-39203 | Parsing issue in matrix-org/node-irc leading to room takeovers | matrix-appservice-irc | CWE-269 | 8.8 | High | 2022-09-13 |
| CVE-2022-39202 | IRC mode parameter confusion in matrix-appservice-irc | matrix-appservice-irc | CWE-269 | 4.3 | Medium | 2022-09-13 |
| CVE-2022-39200 | Signature checks not applied to some retrieved missing events | dendrite | CWE-347 | 7.3 | High | 2022-09-12 |
| CVE-2022-31152 | Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules | synapse | CWE-703 | 6.4 | Medium | 2022-09-02 |
| CVE-2022-36009 | Incorrect parsing of access level in gomatrixserverlib and dendrite | gomatrixserverlib | CWE-863 | 5.0 | Medium | 2022-08-19 |
| CVE-2022-31052 | URL previews can crash Synapse media repositories or Synapse monoliths | synapse | CWE-674 | 6.5 | Medium | 2022-06-28 |

This page lists every published CVE security advisory associated with matrix-org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.