Astra Linux - уязвимость в thunderbird

The Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker working alongside a malicious home server could create messages that appeared to be sent by another person, without any indication such as a gray shield. Additionally, a sophisticated...

Astra Linux - уязвимость в thunderbird

matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. In versions prior to 19.4.0, events sent with special strings in key locations could temporarily disrupt or hinder the proper functioning of matrix-js-sdk, potentially affecting the consumer’s ability...

Astra Linux - уязвимость в thunderbird

The Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker who cooperated with a malicious home server could interfere with the verification process between two users, substituting their own cross-signed user identity wi...

Astra Linux - уязвимость в thunderbird

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

EUVD-2021-1944

Malware in sbrugna...

EUVD-2022-6842

Malicious code in bioql PyPI...

EUVD-2025-29628

Malicious code in bioql PyPI...

EUVD-2022-6713

Malicious code in bioql PyPI...

EUVD-2022-6714

Malicious code in bioql PyPI...

EUVD-2022-6927

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-59160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor...

GHSA-MP7C-M3RH-R56V matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. Patches The issue has been patched and users should upgrade to...

@a.agiir/cinny (>=0.0.1 <=0.0.2), @airgap/beacon-sdk (>=0.0.1 <=0.0.3-beta.9) +73 more potentially affected by CVE-2025-59160 via matrix-js-sdk (>=0.0.4 <=37.5.0)

matrix-js-sdk NPM version =0.0.4, =0.0.1, =0.0.1, =0.0.34, =1.3.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =2.0.0-alpha.3, =2.0.0-alpha.1, =1.4.1, =1.1.0, =0.0.1, =0.0.0-development, =0.0.1-development and more Source cves: CVE-2025-59160 Source advisory: OSV:GHSA-MP7C-M3RH-R56V...

CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

UBUNTU-CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

CVE-2025-59160 matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

CVE-2025-59160

The CVE-2025-59160 entry concerns the Matrix JavaScript SDK (matrix-js-sdk) prior to version 38.2.0, where MatrixClient::getJoinedRooms performs insufficient validation of room predecessor links. This can allow a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-s...

CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

Linux Distros Unpatched Vulnerability : CVE-2022-39249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct...