Matrix Synapse (Python) – Support, CVEs & Health

GHSA-22p3-qrh9-cx32 CVSS_V3

URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths

Published: 2022-06-29 Fixed in: 1.61.1

GHSA-246w-56m2-5899 CVSS_V3

Cross-site scripting (XSS) vulnerability in the password reset endpoint

Published: 2021-03-26 Fixed in: 1.27.0

GHSA-26c5-ppr8-f33p CVSS_V3

Synapse has improper checks for deactivated users during login

Published: 2023-06-06 Fixed in: 1.85.0

GHSA-2hwx-mjrm-v3g8 CVSS_V3

Denial of service attack via .well-known lookups

Published: 2021-03-01 Fixed in: 1.25.0

GHSA-3h7q-rfh9-xm4v CVSS_V3

Synapse V2 state resolution weakness allows Denial of Service (DoS)

Published: 2024-04-23 Fixed in: 1.105.1

GHSA-3hfw-x7gx-437c CVSS_V3

Path traversal in Matrix Synapse

Published: 2021-11-23 Fixed in: 1.47.1

GHSA-3x4c-pq33-4w3q CVSS_V3

Improper authorisation of members discloses room membership to non-members

Published: 2021-09-01 Fixed in: 1.41.1

GHSA-3x8c-fmpc-5rmq CVSS_V3

Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint

Published: 2020-10-16 Fixed in: 1.21.0

GHSA-45cj-f97f-ggwv CVSS_V3

Synapse does not apply enough checks to servers requesting auth events of events in a room

Published: 2023-05-24 Fixed in: 1.69.0

GHSA-4822-jvwx-w47h CVSS_V3

Uncontrolled Resource Consumption in Matrix Synapse

Published: 2022-04-01 Fixed in: 1.53.0

Matrix Synapse