Package impact

PyPI / matrix-synapse

CVE	Severity	CVSS	Risk	Published	Description
CVE-2026-45076	medium	—	5.5	14d ago	Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h…
CVE-2021-41281	medium	—	5.5	5y ago	Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a rem…
CVE-2021-39163	medium	—	5.5	5y ago	Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if t…
CVE-2021-39164	medium	—	5.5	5y ago	Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) o…
CVE-2021-29471	medium	—	5.5	5y ago	Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push …
CVE-2020-26257	medium	—	5.5	6y ago	Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed e…