VYPR

Vendor CVEs

Matrix Org

All CVEs

98 total · sorted by risk
  • CVE-2025-24024CriJan 21, 2025
    risk 0.52cvss 9.1epss 0.01

    Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1…

  • CVE-2024-47824HigOct 15, 2024
    risk 0.50cvss epss 0.01

    matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites…

  • CVE-2024-47080HigOct 15, 2024
    risk 0.50cvss epss 0.01

    matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061)…

  • CVE-2025-54315HigOct 2, 2025
    risk 0.39cvss 7.1epss 0.00

    The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.

  • CVE-2025-49090HigOct 2, 2025
    risk 0.39cvss 7.1epss 0.00

    The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.

  • CVE-2025-23197MedJan 27, 2025
    risk 0.35cvss 6.5epss 0.00

    matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can…

  • CVE-2025-27155MedMar 4, 2025
    risk 0.33cvss 6.1epss 0.00

    Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent…

  • CVE-2024-34353MedMay 14, 2024
    risk 0.29cvss 5.5epss 0.00

    The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's…

  • CVE-2024-52505MedNov 14, 2024
    risk 0.28cvss 5.4epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has…

  • CVE-2024-50336MedNov 12, 2024
    risk 0.28cvss epss 0.01

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated…

  • CVE-2024-40648MedJul 18, 2024
    risk 0.28cvss 5.4epss 0.00

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check…

  • CVE-2025-53549MedJul 10, 2025
    risk 0.27cvss epss 0.00

    The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in…

  • CVE-2025-48937MedJun 10, 2025
    risk 0.25cvss 4.9epss 0.00

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients,…

  • CVE-2024-52594MedJan 16, 2025
    risk 0.21cvss 4.3epss 0.00

    Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users…

  • CVE-2024-52813MedJan 7, 2025
    risk 0.21cvss 4.3epss 0.00

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause…

  • CVE-2024-39691MedJul 5, 2024
    risk 0.21cvss 4.3epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event…

  • CVE-2024-32000MedApr 12, 2024
    risk 0.21cvss 4.3epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a…

  • CVE-2024-40640LowJul 17, 2024
    risk 0.12cvss 2.9epss 0.00

    vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an…

  • CVE-2025-59160LowSep 16, 2025
    risk 0.11cvss epss 0.00

    Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an…

  • CVE-2025-59047LowSep 11, 2025
    risk 0.11cvss epss 0.00

    matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1.…

  • CVE-2024-34063LowMay 3, 2024
    risk 0.09cvss 2.5epss 0.00

    vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a…

  • CVE-2026-45057Jun 4, 2026
    risk 0.00cvss epss 0.00

    ### Impact The message edit validation logic in the `matrix-sdk-ui` crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator (or an actor with…

  • CVE-2026-45056Jun 4, 2026
    risk 0.00cvss epss 0.00

    ### Impact The `matrix-sdk-crypto` crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the `sender_device_keys` property. This could be exploited to spoof the sender of an encrypted to-device message,…

  • CVE-2025-66622Dec 9, 2025
    risk 0.00cvss epss 0.00

    matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is…

  • CVE-2025-27146Feb 25, 2025
    risk 0.00cvss epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user.…

  • CVE-2024-10381Oct 25, 2024
    risk 0.00cvss epss 0.01

    This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable…

  • CVE-2024-45191Aug 22, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This…

  • CVE-2024-45193Aug 22, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer…

  • CVE-2024-45192Aug 22, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the…

  • CVE-2024-42369Aug 20, 2024
    risk 0.00cvss epss 0.00

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the…

  • CVE-2024-42347Aug 6, 2024
    risk 0.00cvss epss 0.00

    matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages…

  • CVE-2024-38432Jul 30, 2024
    risk 0.00cvss epss 0.00

    Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File

  • CVE-2024-38431Jul 30, 2024
    risk 0.00cvss epss 0.00

    Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy

  • CVE-2024-38430Jul 30, 2024
    risk 0.00cvss epss 0.00

    Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CVE-2024-38429Jul 30, 2024
    risk 0.00cvss epss 0.00

    Matrix Tafnit v8 -  CWE-552: Files or Directories Accessible to External Parties

  • CVE-2023-43796Oct 31, 2023
    risk 0.00cvss epss 0.01

    Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to…

  • CVE-2023-45129Oct 10, 2023
    risk 0.00cvss epss 0.01

    Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed…

  • CVE-2023-43656Sep 27, 2023
    risk 0.00cvss epss 0.00

    matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is…

  • CVE-2023-41335Sep 26, 2023
    risk 0.00cvss epss 0.00

    Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the…

  • CVE-2023-42453Sep 26, 2023
    risk 0.00cvss epss 0.01

    Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This…

  • CVE-2023-38700Aug 4, 2023
    risk 0.00cvss epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue.…

  • CVE-2023-38691Aug 4, 2023
    risk 0.00cvss epss 0.00

    matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning…

  • CVE-2023-38690Aug 4, 2023
    risk 0.00cvss epss 0.01

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge…

  • CVE-2023-38686Aug 4, 2023
    risk 0.00cvss epss 0.00

    Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack.…

  • CVE-2023-37259Jul 18, 2023
    risk 0.00cvss epss 0.00

    matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the…

  • CVE-2023-32683Jun 6, 2023
    risk 0.00cvss epss 0.01

    Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP…

  • CVE-2023-32682Jun 6, 2023
    risk 0.00cvss epss 0.01

    Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled…

  • CVE-2022-39374May 26, 2023
    risk 0.00cvss epss 0.01

    Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the…

  • CVE-2022-39335May 26, 2023
    risk 0.00cvss epss 0.01

    Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that…

  • CVE-2023-32323May 26, 2023
    risk 0.00cvss epss 0.01

    Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with…

Page 1 of 2