Element

This hub aggregates every CVE we track for Element, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 10 most recently published vulnerabilities affecting Element.

• CVE-2025-27606Element Android PIN autologout bypass5.1Mar 14, 2025
• CVE-2024-26132Element Android can be asked to share internal files.4.0Feb 20, 2024
• CVE-2024-26131Element Android Intent Redirection8.4Feb 20, 2024
• CVE-2022-41904Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions6.4Nov 11, 2022
• CVE-2021-44538The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its sta...9.8Dec 14, 2021
• CVE-2021-40824A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in...5.9Sep 13, 2021
• CVE-2019-10219A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. T...6.1Nov 8, 2019
• CVE-2019-10247In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified di...5.3Apr 22, 2019
• CVE-2019-10246In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when i...5.3Apr 22, 2019
• CVE-2017-12617When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the...KEV8.1Oct 3, 2017