vantage6
PyPI · 15 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting vantage6
- CVE-2022-39228 | MEDIUM | CVSS 5.3 | EG 5.3 | Fixed in 3.8.0 | 2023-03-01
  vulnerable: 3.3.3 ... 3.8.0rc3 (45 versions)
  vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of a wrong username/password combination if the username actually exists. This is an attempt to prevent bots fr…
- CVE-2023-22738 | MEDIUM | CVSS 6.3 | EG 6.3 | Fixed in 3.8.0rc3 | 2023-03-01
  vulnerable: 0.0.0 ... 3.7.3 (146 versions)
  vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is…
- CVE-2023-23929 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 3.8.0 | 2023-03-04
  vulnerable: 0.0.0 ... 3.8.0rc3 (150 versions)
  vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0…
- CVE-2023-23930 | MEDIUM | CVSS 5.5 | EG 5.5 | Fixed in 4.0.2 | 2023-10-11
  vulnerable: 0.0.0 ... 4.0.1rc2 (189 versions)
  vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as the default serialization module. All users of vantage6 that post tas…
- CVE-2023-28635 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 4.0.0 | 2023-10-11
  vulnerable: 0.0.0 ... 4.0.0a9 (186 versions)
  vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this …
- CVE-2023-41881 | LOW | CVSS 3.7 | EG 3.7 | Fixed in 4.0.0 | 2023-10-11
  vulnerable: 0.0.0 ... 4.0.0a9 (186 versions)
  vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent …
- CVE-2023-41882 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 4.0.0 | 2023-10-11
  vulnerable: 0.0.0 ... 4.0.0a9 (186 versions)
  vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaborati…
- CVE-2024-21649 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 4.2.0 | 2024-01-30
  vulnerable: 0.0.0 ... 4.2.0rc2 (200 versions)
  The vantage6 technology enables users to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables,…
- CVE-2024-21653 | MEDIUM | CVSS 6.5 | EG 6.5 | Fixed in 4.2.0 | 2024-01-30
  vulnerable: 0.0.0 ... 4.2.0rc2 (200 versions)
  The vantage6 technology enables users to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authen…
- CVE-2024-21671 | LOW | CVSS 3.7 | EG 3.7 | Fixed in 4.2.0 | 2024-01-30
  vulnerable: 0.0.0 ... 4.2.0rc2 (200 versions)
  The vantage6 technology enables users to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could …
- CVE-2024-22193 | LOW | CVSS 3.5 | EG 3.5 | Fixed in 4.2.0 | 2024-01-30
  vulnerable: 0.0.0 ... 4.2.0rc2 (200 versions)
  The vantage6 technology enables users to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted …
- CVE-2024-23823 | MEDIUM | CVSS 4.2 | EG 4.2 | Fixed in 4.3.0 | 2024-03-14
  vulnerable: 0.0.0 ... 4.3.0rc2 (210 versions)
  vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for…
- CVE-2024-24770 | MEDIUM | CVSS 5.3 | EG 5.3 | Fixed in 4.3.0 | 2024-03-14
  vulnerable: 0.0.0 ... 4.3.0rc2 (210 versions)
  vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vant…
- CVE-2024-32969 | LOW | CVSS 2.7 | EG 2.7 | Fixed in 4.5.0rc3 | 2024-05-23
  vulnerable: 0.0.0 ... 4.4.1 (219 versions)
  vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can th…
- CVE-2025-43863 | CRITICAL | CVSS 9.8 | EG 9.8 | Fixed in 4.11.0 | 2025-06-12
  vulnerable: 0.0.0 ... 4.9.1 (258 versions)
  vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force th…