matrix-org Latest Vulnerabilities
Latest vulnerabilities published by matrix-org
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Matrix SDK Vulnerability in Rust Implementation Affects Data Integrity
CVE-2025-48937Matrix-orgMatrix-rust-sdk4.9MEDIUMStored Cross-Site Scripting Vulnerability in Pinecone by Matrix.org
CVE-2025-27155Matrix-orgPinecone6.1MEDIUMArbitrary Command Execution Vulnerability in Matrix-IRC Bridge by Matrix
CVE-2025-27146Matrix-orgMatrix-appservice-irc4.3MEDIUMDenial of Service Vulnerability in matrix-hookshot for GitHub Integration
CVE-2025-23197Matrix-orgMatrix-hookshot6.5MEDIUMModeration Tool Vulnerability in Mjolnir by Matrix
CVE-2025-24024Matrix-orgMjolnir9.1CRITICALServer-Side Request Forgery Vulnerability in Gomatrixserverlib Library by Matrix Org
CVE-2024-52594Matrix-orgGomatrixserverlib4.3MEDIUMMatrix-react-sdk vulnerability allows homeserver to steal message keys for a room
CVE-2024-47824Matrix-orgMatrix-react-sdkVulnerability in matrix-js-sdk Could Allow Interception of Historical Message Keys
CVE-2024-47080Matrix-orgMatrix-js-sdkCycle Vulnerability in Matrix JavaScript SDK Affects Messaging Client
CVE-2024-42369Matrix-orgMatrix-js-sdk5.3MEDIUMIdentity Verification Vulnerability in matrix-rust-sdk Could Lead to Manipulation of Sensitive Operations
CVE-2024-40648Matrix-orgMatrix-rust-sdk5.4MEDIUMBase64 Time-Dependent Leakage Vulnerability Affects vodozemac's Open-Source Cryptographic Library
CVE-2024-40640Matrix-orgVodozemac2.9LOWMatrix Appservice-IRC Fixes Timestamp Vulnerability
CVE-2024-39691Matrix-orgMatrix-appservice-irc4.3MEDIUMLogging of Private Backup Key in Matrix Rust SDK Version 0.7.0
CVE-2024-34353Matrix-orgMatrix-sdk-crypto5.5MEDIUMIRC Bridge Vulnerability Leaks Message Content
CVE-2024-32000Matrix-orgMatrix-appservice-irc4.3MEDIUMSynapse vulnerable to leak of remote user device information
CVE-2023-43796Matrix-orgSynapse5.3MEDIUMmatrix-synapse vulnerable to denial of service due to malicious server ACL events
CVE-2023-45129Matrix-orgSynapse4.9MEDIUMSandbox escape for instances that have enabled transformation functions in matrix-hookshot
CVE-2023-43656Matrix-orgMatrix-hookshot5.6MEDIUMTemporary storage of plaintext passwords during password changes in matrix synapse
CVE-2023-41335Matrix-orgSynapse3.7LOWImproper validation of receipts allows forged read receipts in matrix synapse
CVE-2023-42453Matrix-orgSynapse3.1LOWmatrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
CVE-2023-38700Matrix-orgMatrix-appservice-irc3.5LOWmatrix-appservice-irc IRC command injection via admin commands containing newlines
CVE-2023-38690Matrix-orgMatrix-appservice-irc5.8MEDIUMmatrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs
CVE-2023-38691Matrix-orgMatrix-appservice-bridge5MEDIUMSydent does not verify email server certificates
CVE-2023-38686Matrix-orgSydent9.3CRITICALCross site scripting in Export Chat feature
CVE-2023-37259Matrix-orgMatrix-react-sdk6.1MEDIUMImproper checks for deactivated users during login in synapse
CVE-2023-32682Matrix-orgSynapse5.4MEDIUM