Matrix-synapse

This hub aggregates every CVE we track for Matrix-synapse, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Matrix-synapse.

• CVE-2025-30355Synapse vulnerable to federation denial of service via malformed events7.1Mar 27, 2025
• CVE-2024-37303Synapse unauthenticated writes to the media repository allow planting of problematic content5.3Dec 3, 2024
• CVE-2024-37302Synapse denial of service through media disk space consumption7.5Dec 3, 2024
• CVE-2024-52805Synapse allows unsupported content types to lead to memory exhaustion7.5Dec 3, 2024
• CVE-2024-52815Synapse allows a a malformed invite to break the invitee's `/sync`5.3Dec 3, 2024
• CVE-2024-53867Synapse Matrix has a partial room state leak via Sliding Sync4.3Dec 3, 2024
• CVE-2024-53863Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders9.1Dec 3, 2024
• CVE-2024-31208Synapse's V2 state resolution weakness allows DoS from remote room members6.5Apr 23, 2024
• CVE-2023-43796Synapse vulnerable to leak of remote user device information5.3Oct 31, 2023
• CVE-2023-45129matrix-synapse vulnerable to denial of service due to malicious server ACL events4.9Oct 10, 2023
• CVE-2023-41335Temporary storage of plaintext passwords during password changes in matrix synapse3.7Sep 26, 2023
• CVE-2023-42453Improper validation of receipts allows forged read receipts in matrix synapse3.1Sep 26, 2023
• CVE-2023-32683URL deny list bypass via oEmbed and image URLs when generating previews in Synapse3.5Jun 6, 2023
• CVE-2023-32682Improper checks for deactivated users during login in synapse5.4Jun 6, 2023
• CVE-2022-39374Synapse Denial of service due to incorrect application of event authorization rules during state resolution6.5May 26, 2023