
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Synapse's invalid device keys degrade federation functionality (Moderate severity)
CVE-2025-61672 was published for matrix-synapse (pip) Oct 8, 2025
Credited to dkasak
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator (Moderate severity)
CVE-2025-48937 was published for matrix-sdk-crypto (Rust) Jun 10, 2025
Credited to dkasak and richvdh
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room (High severity)
CVE-2024-47824 was published for matrix-react-sdk (npm) Oct 15, 2024
Credited to dkasak
Matrix JavaScript SDK's key history sharing could share keys to malicious devices (High severity)
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
Credited to dkasak
Credited to dkasak and poljar
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver (Moderate severity)
CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021
Credited to dkasak
Denial of service attack due to invalid JSON (High severity)
CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020
Credited to dkasak
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint (Moderate severity)
CVE-2020-26891 was published for matrix-synapse (pip) Oct 16, 2020
Credited to dkasak