Matrix-org Matrix-js-sdk
11 CVEs affecting Matrix-org Matrix-js-sdk. Latest disclosed: 2025-09-16. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-39250 | High | 8.6 | 2022-09-29 | Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malici… |
CVE-2022-39251 | High | 8.6 | 2022-09-28 | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construc… |
CVE-2023-28427 | High | 8.2 | 2023-03-28 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can t… |
CVE-2022-36059 | High | 8.2 | 2023-03-28 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can t… |
CVE-2022-39249 | High | 7.5 | 2022-09-28 | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construc… |
CVE-2023-29529 | Medium | 5.0 | 2023-04-14 | matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eave… |
CVE-2022-39236 | Medium | 4.3 | 2022-09-28 | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede… |
CVE-2024-42369 | Medium | 4.1 | 2024-08-20 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predeces… |
CVE-2025-59160 | | 2025-09-16 | Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor… | |
CVE-2024-50336 | | 2024-11-12 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via cra… | |
CVE-2024-47080 | | 2024-10-15 | matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient… |