VYPR

Matrix Js SDK

by Matrix Org

Source repositories

CVEs (13)

  • CVE-2024-47080HigOct 15, 2024
    risk 0.50cvss epss 0.01

    matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061)…

  • CVE-2024-50336MedNov 12, 2024
    risk 0.28cvss epss 0.01

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated…

  • CVE-2025-59160LowSep 16, 2025
    risk 0.11cvss epss 0.00

    Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an…

  • CVE-2024-42369Aug 20, 2024
    risk 0.00cvss epss 0.00

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the…

  • CVE-2023-29529Apr 14, 2023
    risk 0.00cvss epss 0.01

    matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk…

  • CVE-2023-28427Mar 28, 2023
    risk 0.00cvss epss 0.01

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability…

  • CVE-2022-36059Mar 28, 2023
    risk 0.00cvss epss 0.01

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability…

  • CVE-2022-39250Sep 29, 2022
    risk 0.00cvss epss 0.01

    Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user…

  • CVE-2022-39257Sep 28, 2022
    risk 0.00cvss epss 0.01

    Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some…

  • CVE-2022-39255Sep 28, 2022
    risk 0.00cvss epss 0.01

    Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey…

  • CVE-2022-39236Sep 28, 2022
    risk 0.00cvss epss 0.01

    Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note…

  • CVE-2022-39249Sep 28, 2022
    risk 0.00cvss epss 0.01

    Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some…

  • CVE-2022-39251Sep 28, 2022
    risk 0.00cvss epss 0.01

    Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield.…