trix

52 known vulnerabilities · 0 critical · 9 high

GHSA-g9jg-w8vm-g96v

Trix has a stored XSS vulnerability through its attachment attribute

Published Dec 31, 2025
CVE-2024-34341 · MEDIUM

Trix Editor Arbitrary Code Execution Vulnerability

Published May 7, 2024
CVE-2024-43368 · MEDIUM

Trix has a cross-site scripting vulnerability on copy & paste

Published Aug 14, 2024
GHSA-qmpg-8xg6-ph5q

Trix has a Stored XSS vulnerability through serialized attributes

Published Mar 12, 2026
GHSA-53p3-c7vp-4mcc

Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)

Published Mar 29, 2026
CVE-2022-39203 · HIGH

Parsing issue in matrix-org/node-irc leading to room takeovers

Published Sep 15, 2022
CVE-2022-39236 · MEDIUM

Improper beacon events in matrix-js-sdk can result in availability issues

Published Sep 29, 2022
GHSA-7jp6-r74r-995q

OpenClaw: Matrix profile config persistence was reachable from operator.write message tools

Published Apr 17, 2026
CVE-2021-40823 · MEDIUM

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver

Published Sep 14, 2021
CVE-2023-28103 · HIGH

Prototype pollution in matrix-react-sdk

Published Mar 29, 2023
CVE-2026-28471

OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching

Published Feb 17, 2026
GHSA-9wqx-g2cw-vc7r

OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers

Published Mar 27, 2026
MAL-2025-190982

Malicious code in orchestrix (npm)

Published Nov 24, 2025
CVE-2022-36059 · HIGH

matrix-js-sdk Prototype Pollution vulnerability

Published Mar 28, 2023
CVE-2024-42369 · MEDIUM

matrix-js-sdk will freeze when a user sets a room with itself as its predecessor

Published Aug 20, 2024
CVE-2022-36060 · HIGH

matrix-react-sdk Prototype pollution vulnerability

Published Mar 28, 2023
CVE-2022-39250 · HIGH

matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification

Published Sep 30, 2022
MAL-2025-190692

Malicious code in atrix-mongoose (npm)

Published Nov 24, 2025
CVE-2022-39202 · MEDIUM

matrix-appservice-irc vulnerable to IRC mode parameter confusion

Published Sep 15, 2022
CVE-2023-38700 · LOW

matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms

Published Aug 4, 2023
CVE-2024-47080

Matrix JavaScript SDK's key history sharing could share keys to malicious devices

Published Oct 15, 2024
CVE-2023-29529 · MEDIUM

matrix-js-sdk vulnerable to invisible eavesdropping in group calls

Published Apr 14, 2023
MAL-2025-191059

Malicious code in @trigo/atrix-swagger (npm)

Published Nov 24, 2025
MAL-2025-190760

Malicious code in @trigo/atrix-soap (npm)

Published Nov 24, 2025
MAL-2025-48298

Malicious code in matrix-charts (npm)

Published Oct 10, 2025
MAL-2025-3972

Malicious code in symphony-binary-confusion-matrix (npm)

Published May 15, 2025
CVE-2022-29166 · HIGH

Improper handling of multiline messages in node-irc affects matrix-appservice-irc

Published May 23, 2022
MAL-2022-1908

Malicious code in citrix-translate (npm)

Published Jun 20, 2022
MAL-2022-1909

Malicious code in citrixdeveloper-vscode (npm)

Published Jun 20, 2022
MAL-2025-2498

Malicious code in connectrix (npm)

Published Mar 18, 2025
CVE-2023-37259 · MEDIUM

matrix-react-sdk vulnerable to XSS in Export Chat feature

Published Jul 18, 2023
MAL-2022-2032

Malicious code in com.citrix.cordova.testapp (npm)

Published Jun 20, 2022
MAL-2022-6525

Malicious code in testmatrix (npm)

Published Jun 20, 2022
MAL-2025-190681

Malicious code in @trigo/atrix-postgres (npm)

Published Nov 24, 2025
MAL-2025-49300

Malicious code in new-route-matrix (npm)

Published Oct 31, 2025
CVE-2022-39249 · HIGH

matrix-js-sdk subject to impersonated messages due to permissive key forwarding

Published Sep 30, 2022
CVE-2022-3971 · MEDIUM

Matrix-appservice-irc vulnerable to SQL injection via roomIds argument

Published Nov 13, 2022
CVE-2023-28427 · HIGH

Prototype pollution in matrix-js-sdk (part 2)

Published Mar 30, 2023
MAL-2025-190764

Malicious code in atrix (npm)

Published Nov 24, 2025
CVE-2022-39251 · HIGH

matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion

Published Sep 30, 2022
CVE-2023-38691 · MEDIUM

matrix-appservice-bridge doesn't verify the sub parameter of an openId token exchange, allowing unauthorized access to provisioning APIs

Published Aug 4, 2023
MAL-2022-198

Malicious code in @dentrix/fetlife-assets (npm)

Published Jun 20, 2022
MAL-2025-190759

Malicious code in @trigo/atrix-elasticsearch (npm)

Published Nov 24, 2025
MAL-2025-190828

Malicious code in @trigo/atrix-pubsub (npm)

Published Nov 24, 2025
MAL-2025-190677

Malicious code in @trigo/atrix (npm)

Published Nov 24, 2025
MAL-2025-190678

Malicious code in @trigo/atrix-acl (npm)

Published Nov 24, 2025
MAL-2025-190679

Malicious code in @trigo/atrix-mongoose (npm)

Published Nov 24, 2025
MAL-2025-190680

Malicious code in @trigo/atrix-orientdb (npm)

Published Nov 24, 2025
CVE-2021-32622 · MEDIUM

Improper file handling in matrix-react-sdk

Published Feb 10, 2022
GHSA-rg8m-3943-vm6q

OpenClaw: Matrix thread root and reply context bypass sender allowlist

Published Apr 2, 2026
MAL-2025-47910

Malicious code in @aviatrixdev/flight-suit (npm)

Published Oct 6, 2025
MAL-2025-190682

Malicious code in @trigo/atrix-redis (npm)

Published Nov 24, 2025