matrix-org — Vulnerabilities & Security Advisories (80)

Browse all 80 CVE security advisories affecting matrix-org. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-29166 | Improper handling of multiline messages in matrix-appservice-irc | matrix-appservice-irc | CWE-74 | 8.0 | High | 2022-05-05 |
| CVE-2021-41281 | Path traversal in Matrix Synapse | synapse | CWE-22 | 7.5 | High | 2021-11-23 |
| CVE-2021-39164 | Improper authorisation of /members discloses room membership to non-members | synapse | CWE-200 | 3.1 | Low | 2021-08-31 |
| CVE-2021-39163 | Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. | synapse | CWE-200 | 3.1 | Low | 2021-08-31 |
| CVE-2021-32659 | Automatic room upgrade handling can be used maliciously to bridge a room non-consentually | matrix-appservice-bridge | CWE-306 | 6.5 | Medium | 2021-06-16 |
| CVE-2021-32622 | File upload local preview can run embedded scripts after user interaction | matrix-react-sdk | CWE-74 | 4.2 | Medium | 2021-05-17 |
| CVE-2021-29471 | Denial of service in Matrix Synapse | synapse | CWE-400 | 3.7 | Low | 2021-05-11 |
| CVE-2021-29431 | SSRF in Sydent due to missing validation of hostnames | sydent | CWE-20 | 7.7 | High | 2021-04-15 |
| CVE-2021-29432 | Malicious users could control the content of invitation emails | sydent | CWE-20 | 5.3 | Medium | 2021-04-15 |
| CVE-2021-29430 | Denial of service attack via memory exhaustion | sydent | CWE-20 | 7.5 | High | 2021-04-15 |
| CVE-2021-29433 | Denial of service (via resource exhaustion) due to improper input validation | sydent | CWE-20 | 4.3 | Medium | 2021-04-15 |
| CVE-2021-21392 | Open redirect via transitional IPv6 addresses on dual-stack networks | synapse | CWE-601 | 6.3 | Medium | 2021-04-12 |
| CVE-2021-21393 | Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints | synapse | CWE-20 | 5.3 | Medium | 2021-04-12 |
| CVE-2021-21394 | Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints | synapse | CWE-20 | 5.3 | Medium | 2021-04-12 |
| CVE-2021-21333 | HTML injection in email and account expiry notifications | synapse | CWE-74 | 6.1 | Medium | 2021-03-26 |
| CVE-2021-21332 | Cross-site scripting (XSS) vulnerability in the password reset endpoint | synapse | CWE-79 | 6.9 | Medium | 2021-03-26 |
| CVE-2021-21320 | User content sandbox can be confused into opening arbitrary documents | matrix-react-sdk | CWE-345 | 2.6 | Low | 2021-03-02 |
| CVE-2021-21273 | Open redirects on some federation and push requests | synapse | CWE-601 | 3.1 | Low | 2021-02-26 |
| CVE-2021-21274 | Denial of service attack via .well-known lookups | synapse | CWE-400 | 4.3 | Medium | 2021-02-26 |
| CVE-2020-26257 | Denial of service attack via incorrect parameters to federation APIs | synapse | CWE-400 | 6.5 | Medium | 2020-12-09 |

This page lists every published CVE security advisory associated with matrix-org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.