matrix-org Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by matrix-org
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Moderation Tool Vulnerability in Mjolnir by Matrix
CVE-2025-24024Matrix-orgMjolnir9.1CRITICALSydent does not verify email server certificates
CVE-2023-38686Matrix-orgSydent9.3CRITICALPrototype pollution in matrix-react-sdk
CVE-2023-28103Matrix-orgMatrix-react-sdk8.2HIGHPrototype pollution in matrix-js-sdk
CVE-2023-28427Matrix-orgMatrix-js-sdk8.2HIGHPrototype pollution in matrix-react-sdk
CVE-2022-36060Matrix-orgMatrix-react-sdk8.2HIGHPrototype pollution in matrix-js-sdk
CVE-2022-36059Matrix-orgMatrix-js-sdk8.2HIGHWhen matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder
CVE-2022-39252Matrix-orgMatrix-rust-sdk8.6HIGHMatrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification
CVE-2022-39250Matrix-orgMatrix-js-sdk8.6HIGHMatrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions
CVE-2022-39257Matrix-orgMatrix-iOS-sdk7.5HIGHMatrix iOS SDK vulnerable ton Olm/Megolm protocol confusion
CVE-2022-39255Matrix-orgMatrix-iOS-sdk8.6HIGHmatrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
CVE-2022-39248Matrix-orgMatrix-android-sdk28.6HIGHmatrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
CVE-2022-39246Matrix-orgMatrix-android-sdk27.5HIGHMatrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
CVE-2022-39249Matrix-orgMatrix-js-sdk7.5HIGHMatrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
CVE-2022-39251Matrix-orgMatrix-js-sdk8.6HIGHParsing issue in matrix-org/node-irc leading to room takeovers
CVE-2022-39203Matrix-orgMatrix-appservice-irc8.8HIGHSignature checks not applied to some retrieved missing events
CVE-2022-39200Matrix-orgDendrite7.3HIGHImproper handling of multiline messages in matrix-appservice-irc
CVE-2022-29166Matrix-orgMatrix-appservice-irc8HIGHPath traversal in Matrix Synapse
CVE-2021-41281Matrix-orgSynapse7.5HIGHSSRF in Sydent due to missing validation of hostnames
CVE-2021-29431Matrix-orgSydent7.7HIGHDenial of service attack via memory exhaustion
CVE-2021-29430Matrix-orgSydent7.5HIGH
21 January 2025
4 August 2023
28 March 2023
29 September 2022
28 September 2022
13 September 2022
12 September 2022
5 May 2022
23 November 2021
15 April 2021
No more vulnerabilities to load.