VIR Vulnerability Intelligence Relay

Package impact

python PyPI / matrix-synapse

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-45078 high 8.0 14d ago Synapse CPU starvation (Denial of Service) python
CVE-2019-5885 high 8.0 4y ago Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers … archdebianpython
CVE-2020-26890 high 8.0 6y ago Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service atta… archdebianpython
CVE-2020-26891 high 8.0 6y ago AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Syn… archdebianpython