vantage6
PyPI19 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting vantage6page 1 of 1
- CVE-2022-39228MEDIUMCVSS 5.3EG 5.3✓ Fixed in 3.8.02023-03-01
vulnerable: 3.3.3 ... 3.8.0rc3 (45 versions)
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots fr…
- CVE-2023-22738MEDIUMCVSS 6.3EG 6.3✓ Fixed in 3.8.0rc32023-03-01
vulnerable: 0.0.0 ... 3.7.3 (146 versions)
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is…
- CVE-2023-23929HIGHCVSS 8.8EG 8.8✓ Fixed in 3.8.02023-03-04
vulnerable: 0.0.0 ... 3.8.0rc3 (150 versions)
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0…
- CVE-2023-23930MEDIUMCVSS 5.5EG 5.5✓ Fixed in 4.0.22023-10-11
vulnerable: 0.0.0 ... 4.0.1rc2 (189 versions)
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tas…
- CVE-2023-28635MEDIUMCVSS 5.4EG 5.4✓ Fixed in 4.0.02023-10-11
vulnerable: 0.0.0 ... 4.0.0a9 (186 versions)
vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this …
- CVE-2023-41881MEDIUMCVSS 4.3EG 3.7✓ Fixed in 4.0.02023-10-11
vulnerable: 0.0.0 ... 4.0.0a9 (186 versions)
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent …
- CVE-2023-41882MEDIUMCVSS 4.3EG 5.4✓ Fixed in 4.0.02023-10-11
vulnerable: 0.0.0 ... 4.0.0a9 (186 versions)
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaborati…
- CVE-2024-21649HIGHCVSS 8.8EG 8.8✓ Fixed in 4.2.02024-01-30
vulnerable: 0.0.0 ... 4.2.0rc2 (200 versions)
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables,…
- CVE-2024-21653MEDIUMCVSS 6.5EG 6.5✓ Fixed in 4.2.02024-01-30
vulnerable: 0.0.0 ... 4.2.0rc2 (200 versions)
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authen…
- CVE-2024-21671LOWCVSS 3.7EG 3.7✓ Fixed in 4.2.02024-01-30
vulnerable: 0.0.0 ... 4.2.0rc2 (200 versions)
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could …
- CVE-2024-22193LOWCVSS 3.5EG 3.5✓ Fixed in 4.2.02024-01-30
vulnerable: 0.0.0 ... 4.2.0rc2 (200 versions)
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted …
- CVE-2024-23823MEDIUMCVSS 4.2EG 4.2✓ Fixed in 4.3.02024-03-14
vulnerable: 0.0.0 ... 4.3.0rc2 (210 versions)
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for…
- CVE-2024-24769LOWCVSS 2.1EG 2.1✓ Fixed in 5.0.02026-06-05
vulnerable: 0.0.0 ... 5.0.0rc91 (331 versions)
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This giv…
- CVE-2024-24770MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.3.02024-03-14
vulnerable: 0.0.0 ... 4.3.0rc2 (210 versions)
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vant…
- CVE-2024-27928MEDIUMCVSS 5.9EG 5.9✓ Fixed in 5.0.02026-06-05
vulnerable: 0.0.0 ... 5.0.0rc91 (331 versions)
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1) reset the password via email and then 2) reset the 2FA token via emai…
- CVE-2024-32969LOWCVSS 2.7EG 2.7✓ Fixed in 4.5.0rc32024-05-23
vulnerable: 0.0.0 ... 4.4.1 (219 versions)
vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can th…
- CVE-2025-43863CRITICALCVSS 9.8EG 9.8✓ Fixed in 4.11.02025-06-12
vulnerable: 0.0.0 ... 4.9.1 (258 versions)
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force th…
- CVE-2026-54445MEDIUMCVSS 6.9EG 6.9✓ Fixed in 5.0.02026-06-05
vulnerable: 0.0.0 ... 5.0.0rc91 (331 versions)
vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username `root` and password `root`. This is not ideal because attackers know that almost all vantage6 servers …
- CVE-2026-54533MEDIUMCVSS 6.9EG 6.9✓ Fixed in 5.0.02026-06-05
vulnerable: 0.0.0 ... 5.0.0rc91 (331 versions)
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify …
Check whether vantage6 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for vantage6 CVEs against the assets you own.
Start Free Scan →