Known Vulnerabilities for products from Matrix
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Matrix".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-4388 json | Not Provided | 2026-04-14 | 2026-04-14 | |
| CVE-2026-3984 json | Not Provided | 2026-03-12 | 2026-03-12 | |
| CVE-2026-3983 json | Not Provided | 2026-03-12 | 2026-03-12 | |
| CVE-2024-50485 json | Not Provided | 2024-10-29 | 2026-04-01 | |
| CVE-2023-45129 json | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a m... | 4.9 - MEDIUM | 2023-10-10 | 2024-01-07 |
| CVE-2023-43796 json | Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users... | 5.3 - MEDIUM | 2023-10-31 | 2024-01-07 |
| CVE-2023-43656 json | matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have ... | 9 - CRITICAL | 2023-09-27 | 2023-10-05 |
| CVE-2023-42453 json | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge rea... | 4.3 - MEDIUM | 2023-09-27 | 2024-01-07 |
| CVE-2023-41335 json | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their pass... | 3.7 - LOW | 2023-09-27 | 2024-01-07 |
| CVE-2023-38700 json | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that... | 3.7 - LOW | 2023-08-04 | 2023-08-11 |
| CVE-2023-38691 json | matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.... | 6.5 - MEDIUM | 2023-08-04 | 2023-08-11 |
| CVE-2023-38690 json | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newl... | 9.8 - CRITICAL | 2023-08-04 | 2023-08-11 |
| CVE-2023-38686 json | Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails usi... | 5.3 - MEDIUM | 2023-08-04 | 2023-08-10 |
| CVE-2023-32683 json | Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can by... | 5.4 - MEDIUM | 2023-06-06 | 2023-06-17 |
| CVE-2023-32682 json | Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible... | 5.4 - MEDIUM | 2023-06-06 | 2023-06-17 |
| CVE-2023-32323 json | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synaps... | 4.3 - MEDIUM | 2023-05-26 | 2023-09-18 |
| CVE-2023-29529 json | matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 g... | 5.3 - MEDIUM | 2023-04-14 | 2023-04-25 |
| CVE-2023-28427 json | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with s... | 8.2 - HIGH | 2023-03-28 | 2023-05-30 |
| CVE-2022-41952 json | Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs with... | 5.3 - MEDIUM | 2022-11-22 | 2023-07-06 |
| CVE-2022-39374 json | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious h... | 6.5 - MEDIUM | 2023-05-26 | 2023-09-18 |