Security Advisories · matrix-org/matrix-js-sdk · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

Insufficient validation when considering a room to be upgraded by another
GHSA-mp7c-m3rh-r56v published Sep 16, 2025 by davidegirardi

Low
Insufficient MXC URI validation allows client-side path traversal
GHSA-xvg8-m4x3-w6xr published Nov 12, 2024 by davidegirardi

Moderate
A room with itself as a its predecessor will freeze matrix-js-sdk
GHSA-vhr5-g3pm-49fm published Aug 20, 2024 by davidegirardi

High
Invisible eavesdropping in group calls
GHSA-6g67-q39g-r79q published Apr 13, 2023 by dkasak

Moderate
Prototype pollution in matrix-js-sdk (part 2)
GHSA-mwq8-fjpf-c2gr published Mar 28, 2023 by dkasak

High
Impersonation via forwarded Megolm sessions
GHSA-6263-x97c-c4gg published Sep 28, 2022 by dkasak

Moderate
Improper beacon events can cause availability issues
GHSA-hvv8-5v86-r45x published Sep 28, 2022 by turt2live

Moderate
Prototype pollution in matrix-js-sdk
GHSA-rfv9-x7hh-xc32 published Mar 28, 2023 by dkasak

High
Olm/Megolm protocol confusion
GHSA-r48r-j8fx-mq2c published Sep 28, 2022 by dkasak

Critical
Key/device identifier confusion in SAS verification
GHSA-5w8r-8pgj-5jmf published Sep 29, 2022 by dkasak

Critical