cpe:2.3:a:element-hq:synapse:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Element Hq (3b16b3ba-f167-5a48-b62a-dc4536b16c63) |
|---|---|
| Product | Synapse (e014d2ef-7c65-5736-b2d6-ae5e141b19a7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-45078 | vulnerable | 2026-06-08 08:05:11.448881 | Synapse CPU starvation (Denial of Service)<br>Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.<br>Published: 2026-05-28T15:52:04.765Z<br>Updated: 2026-05-29T15:31:44.793Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-45076 | vulnerable | 2026-06-08 08:05:11.448569 | Synapse pagination denial of service<br>Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1.<br>Published: 2026-05-28T15:50:25.842Z<br>Updated: 2026-06-02T14:51:34.553Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61672 | vulnerable | 2026-06-08 07:37:27.912499 | Synapse: Invalid device keys degrade federation functionality<br>Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2.<br>Published: 2025-10-08T14:55:06.378Z<br>Updated: 2025-10-15T16:11:07.284Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-30355 | vulnerable | 2026-06-08 07:16:59.913008 | Synapse vulnerable to federation denial of service via malformed events<br>HIGH (7.1)<br>Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse versions up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.<br>Published: 2025-03-27T00:59:27.996Z<br>Updated: 2025-03-27T13:47:50.179Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-53867 | vulnerable | 2026-06-08 06:54:15.653707 | Synapse Matrix has a partial room state leak via Sliding Sync<br>MEDIUM (4.3)<br>Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.<br>Published: 2024-12-03T16:52:01.596Z<br>Updated: 2024-12-03T19:07:19.919Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-53863 | vulnerable | 2026-06-08 06:54:15.646673 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-52815 | vulnerable | 2026-06-08 06:52:16.273722 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-52805 | vulnerable | 2026-06-08 06:52:16.263635 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-37303 | vulnerable | 2026-06-08 06:39:47.085865 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-37302 | vulnerable | 2026-06-08 06:39:47.084400 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-31208 | vulnerable | 2026-06-08 06:35:31.098186 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |