CVE-2025-49090
The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution...
EUVD-2025-32200
Malicious code in bioql PyPI...
EUVD-2025-32201
Malicious code in bioql PyPI...
CVE-2025-54315
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness...
CVE-2025-49090
The CVE-2025-49090 entry concerns the Matrix specification prior to 1.16, specifically room version before 12 and State Resolution before 2.1, which is reported to have deficient state resolution. The issue is documented across multiple feeds (RH, OSV, NVD, CVE list, Alpine, etc.) with linked adv...
CVE-2025-54315
The CVE-2025-54315 issue affects the Matrix protocol: prior to matrix 1.16 (room version
PT-2025-40415
Name of the Vulnerable Software and Affected Versions: The Matrix specification versions prior to 1.16. Description: The Matrix specification, when using a room version before 12, does not ensure uniqueness of create events. Recommendations: Update to version 1.16 or later...
Mozilla Thunderbird < 128.5.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.5.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-69 advisory. - The Matrix specification demands homeservers to perform validation of the server-name and media-id components o...
Security Vulnerabilities fixed in Thunderbird 128.5.2 — Mozilla
The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal...
CVE-2022-31152
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...
GHSA-JRH7-MHHX-6H88 Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Impact: Missing input validation of some parameters on the groups (also known as communities) endpoints could cause excessive use of disk space and memory, leading to resource exhaustion. Additionally, clients may have issues rendering large fields. Patches: This issue is fixed by 9321 and 9393...
CVE-2021-21394
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...