vantage6-server
PyPI | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting vantage6-server
- CVE-2023-47631 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 4.1.2 | 2023-11-14
vulnerable: 0.0.0 ... 4.1.1 (195 versions)
vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a `parent_id` is set. A…
- CVE-2024-21653 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 4.2.0 | 2024-01-30
vulnerable: 0.0.0 ... 4.2.0rc2 (199 versions)
The vantage6 technology makes it possible to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authen…
- CVE-2024-21671 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 4.2.0 | 2024-01-30
vulnerable: 0.0.0 ... 4.2.0rc2 (199 versions)
The vantage6 technology makes it possible to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could …
- CVE-2025-43866 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.11.0 | 2025-06-12
vulnerable: 0.0.0 ... 4.9.1 (257 versions)
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as …