[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-52791":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":23,"downstream":24,"duplicates":29,"related":30,"reserved_at":9,"published_at":33,"modified_at":34,"state":35,"summary":36,"references_raw":45,"kevs":75,"epss":76,"epss_history":79,"metrics":343,"affected":357},"CVE-2024-52791","Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-789","Memory Allocation with Excessive Size Value","The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.","weakness","Draft","Variant",[],[],[21,22],"GHSA-gp86-q8hg-fpxj","GO-2025-3398",[],[25,27],{"_key":26},"SUSE-SU-2025:0297-1",{"_key":28},"OPENSUSE-SU-2025:14704-1",[],[31,32],{"_key":26},{"_key":28},"2025-01-16T19:12:25.853Z","2025-02-12T20:31:21.849Z","Analyzed",{"cisa_kev":37,"cisa_ransomware":37,"cisa_vendor":9,"epss_severity":38,"epss_score":39,"severity":40,"severity_score":41,"severity_version":42,"severity_source":43,"severity_vector":44,"severity_status":35},false,"low",0.00103,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[46,56,62,66,71],{"url":47,"sources":48,"tags":51},"https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-gp86-q8hg-fpxj",[49,43,50],"cve.org","osv_go",[52,53,54,55],"X Refsource CONFIRM","Vendor Advisory","WEB","Advisory",{"url":57,"sources":58,"tags":59},"https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8",[49,43,50],[60,61,54],"X Refsource MISC","Release Notes",{"url":63,"sources":64,"tags":65},"https://nvd.nist.gov/vuln/detail/CVE-2024-52791",[50],[55],{"url":67,"sources":68,"tags":69},"https://github.com/t2bot/matrix-media-repo",[50],[70],"PACKAGE",{"url":72,"sources":73,"tags":74},"https://pkg.go.dev/vuln/GO-2025-3398",[50],[54],[],{"date":77,"score":39,"percentile":78},"2026-06-05",0.27815,[80,84,87,90,93,96,99,102,105,109,112,115,117,120,123,127,130,133,136,138,141,144,147,149,152,155,158,161,164,167,170,173,176,179,182,185,188,191,194,197,200,203,206,209,212,215,218,220,223,225,227,230,233,236,239,242,245,248,251,254,257,260,262,265,268,271,274,277,280,283,285,288,291,294,297,300,303,305,308,310,313,316,319,322,325,328,331,334,337,340],{"date":81,"score":82,"percentile":83},"2025-11-04",0.00346,0.56485,{"date":85,"score":82,"percentile":86},"2025-11-05",0.56463,{"date":88,"score":82,"percentile":89},"2025-11-06",0.56465,{"date":91,"score":82,"percentile":92},"2025-11-07",0.56479,{"date":94,"score":82,"percentile":95},"2025-11-08",0.56482,{"date":97,"score":82,"percentile":98},"2025-11-09",0.56471,{"date":100,"score":82,"percentile":101},"2025-11-10",0.56444,{"date":103,"score":82,"percentile":104},"2025-11-11",0.56458,{"date":106,"score":107,"percentile":108},"2025-11-12",0.00406,0.60352,{"date":110,"score":107,"percentile":111},"2025-11-13",0.60359,{"date":113,"score":107,"percentile":114},"2025-11-14",0.60369,{"date":116,"score":107,"percentile":111},"2025-11-15",{"date":118,"score":107,"percentile":119},"2025-11-16",0.60346,{"date":121,"score":107,"percentile":122},"2025-11-17",0.60344,{"date":124,"score":125,"percentile":126},"2025-11-18",0.00517,0.64082,{"date":128,"score":125,"percentile":129},"2025-11-19",0.64095,{"date":131,"score":125,"percentile":132},"2025-11-20",0.64094,{"date":134,"score":107,"percentile":135},"2025-11-21",0.60357,{"date":137,"score":107,"percentile":111},"2025-11-22",{"date":139,"score":107,"percentile":140},"2025-11-23",0.6034,{"date":142,"score":107,"percentile":143},"2025-11-24",0.60338,{"date":145,"score":107,"percentile":146},"2025-11-25",0.60342,{"date":148,"score":107,"percentile":122},"2025-11-26",{"date":150,"score":107,"percentile":151},"2025-11-27",0.60349,{"date":153,"score":107,"percentile":154},"2025-11-28",0.60326,{"date":156,"score":107,"percentile":157},"2025-11-29",0.60301,{"date":159,"score":107,"percentile":160},"2025-11-30",0.60292,{"date":162,"score":107,"percentile":163},"2025-12-01",0.60442,{"date":165,"score":107,"percentile":166},"2025-12-02",0.6045,{"date":168,"score":107,"percentile":169},"2025-12-03",0.60454,{"date":171,"score":107,"percentile":172},"2025-12-04",0.60287,{"date":174,"score":107,"percentile":175},"2025-12-05",0.60294,{"date":177,"score":107,"percentile":178},"2025-12-06",0.60284,{"date":180,"score":107,"percentile":181},"2025-12-07",0.60278,{"date":183,"score":107,"percentile":184},"2025-12-08",0.60281,{"date":186,"score":107,"percentile":187},"2025-12-09",0.60317,{"date":189,"score":107,"percentile":190},"2025-12-10",0.60363,{"date":192,"score":107,"percentile":193},"2025-12-11",0.60383,{"date":195,"score":107,"percentile":196},"2025-12-12",0.60401,{"date":198,"score":107,"percentile":199},"2025-12-13",0.60402,{"date":201,"score":107,"percentile":202},"2025-12-14",0.60398,{"date":204,"score":107,"percentile":205},"2025-12-15",0.60372,{"date":207,"score":107,"percentile":208},"2025-12-16",0.60395,{"date":210,"score":107,"percentile":211},"2025-12-17",0.6041,{"date":213,"score":107,"percentile":214},"2025-12-18",0.60453,{"date":216,"score":107,"percentile":217},"2025-12-19",0.60462,{"date":219,"score":107,"percentile":217},"2025-12-20",{"date":221,"score":107,"percentile":222},"2025-12-21",0.60448,{"date":224,"score":107,"percentile":163},"2025-12-22",{"date":226,"score":107,"percentile":169},"2025-12-23",{"date":228,"score":107,"percentile":229},"2025-12-24",0.60465,{"date":231,"score":107,"percentile":232},"2025-12-25",0.60497,{"date":234,"score":107,"percentile":235},"2025-12-26",0.60494,{"date":237,"score":107,"percentile":238},"2025-12-27",0.60548,{"date":240,"score":107,"percentile":241},"2025-12-28",0.6047,{"date":243,"score":107,"percentile":244},"2025-12-29",0.60464,{"date":246,"score":107,"percentile":247},"2025-12-30",0.60477,{"date":249,"score":107,"percentile":250},"2025-12-31",0.60499,{"date":252,"score":107,"percentile":253},"2026-01-01",0.60682,{"date":255,"score":107,"percentile":256},"2026-01-02",0.60669,{"date":258,"score":107,"percentile":259},"2026-01-03",0.60667,{"date":261,"score":107,"percentile":235},"2026-01-04",{"date":263,"score":107,"percentile":264},"2026-01-05",0.6048,{"date":266,"score":107,"percentile":267},"2026-01-06",0.60491,{"date":269,"score":107,"percentile":270},"2026-01-07",0.60515,{"date":272,"score":107,"percentile":273},"2026-01-08",0.60541,{"date":275,"score":107,"percentile":276},"2026-01-09",0.60544,{"date":278,"score":107,"percentile":279},"2026-01-10",0.60537,{"date":281,"score":107,"percentile":282},"2026-01-11",0.60521,{"date":284,"score":107,"percentile":232},"2026-01-12",{"date":286,"score":107,"percentile":287},"2026-01-13",0.60461,{"date":289,"score":107,"percentile":290},"2026-01-14",0.605,{"date":292,"score":107,"percentile":293},"2026-01-15",0.60501,{"date":295,"score":107,"percentile":296},"2026-01-16",0.60523,{"date":298,"score":107,"percentile":299},"2026-01-17",0.60516,{"date":301,"score":107,"percentile":302},"2026-01-18",0.60514,{"date":304,"score":107,"percentile":290},"2026-01-19",{"date":306,"score":107,"percentile":307},"2026-01-20",0.60512,{"date":309,"score":107,"percentile":302},"2026-01-21",{"date":311,"score":107,"percentile":312},"2026-01-22",0.60518,{"date":314,"score":107,"percentile":315},"2026-01-23",0.60556,{"date":317,"score":107,"percentile":318},"2026-01-24",0.60564,{"date":320,"score":107,"percentile":321},"2026-01-25",0.60529,{"date":323,"score":107,"percentile":324},"2026-01-26",0.6052,{"date":326,"score":107,"percentile":327},"2026-01-27",0.60524,{"date":329,"score":107,"percentile":330},"2026-01-28",0.60536,{"date":332,"score":107,"percentile":333},"2026-01-29",0.60538,{"date":335,"score":107,"percentile":336},"2026-01-30",0.6054,{"date":338,"score":107,"percentile":339},"2026-01-31",0.60546,{"date":341,"score":107,"percentile":342},"2026-02-01",0.60676,[344,351,355],{"source":49,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":345,"cvss_v4_0":9},{"baseScore":346,"baseSeverity":347,"vectorString":348,"impactScore":349,"exploitabilityScore":350},5.3,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",2.3,10,{"source":43,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":352,"cvss_v4_0":9},{"baseScore":41,"baseSeverity":353,"vectorString":44,"impactScore":354,"exploitabilityScore":350},"HIGH",6,{"source":50,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":356,"cvss_v4_0":9},{"baseScore":346,"baseSeverity":9,"vectorString":348,"impactScore":349,"exploitabilityScore":350},[358,371],{"ecosystem":359,"name":360,"vendor":361,"product":362,"cpe_part":9,"purl_type":363,"purl_namespace":361,"purl_name":362,"source":9,"versions":364},"Go","github.com/t2bot/matrix-media-repo","github.com/t2bot","matrix-media-repo","golang",[365],{"version":366,"is_range":367,"range_type":368,"version_start":9,"version_start_type":9,"version_end":369,"version_end_type":370,"fixed_in":9},"lt1_3_8",true,"semver","1.3.8","excluding",{"ecosystem":9,"name":362,"vendor":372,"product":362,"cpe_part":373,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":374},"t2bot","a",[375],{"version":376,"is_range":367,"range_type":377,"version_start":9,"version_start_type":9,"version_end":369,"version_end_type":370,"fixed_in":9},"lt1.3.8","cpe"]