12 matches found
PYSEC-2025-221
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...
PYSEC-2025-220
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gains access to an authenticated session, they can try to brute-force the user password by using the change password functionality...
vantage6-algorithm-store (>=4.10.0 <=4.10.2), vantage6-node (>=0.0.0 <=4.10.2) +1 more potentially affected by CVE-2025-43863 via vantage6 (>=0.0.0 <=4.10.2)
vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.10.2 Source cves: CVE-2025-43863 Source advisory: OSV:PYSEC-2025-220...
CVE-2023-22738
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...
vantage6 Security Vulnerability
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructurE for Secure Insight eXchange. A security vulnerability exists in versions of vantage6 prior to 4.5.0 that stems from the ability of collaboration administrators to add additional organizations to their...
vantage6-algorithm-store (>=4.10.0 <=4.15.0rc4), vantage6-node (>=0.0.0 <=4.15.0rc4) +1 more potentially affected by CVE-2024-22193 via vantage6 (>=0.0.0 <=4.1.3)
vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.15.0rc4 Source cves: CVE-2024-22193 Source advisory: OSV:PYSEC-2024-32...
PT-2024-2069 · Nginx +1
Name of the Vulnerable Software and Affected Versions: vantage6-UI versions prior to 4.2.0 Description: The issue is related to insufficient protection of service data in the vantage6-UI interface, which can allow a remote attacker to gain unauthorized access to protected information. The docker...
PYSEC-2023-304
vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a...
PYSEC-2023-196
vantage6 is a privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as a default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...
vantage6 Code Issue Vulnerability
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructurE for Secure Insight eXchange. A code issue vulnerability exists in versions of vantage6 prior to 3.3.6 that stems from deleting a collaboration without deleting the linked resources e.g., tasks in that...
vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-23929 via vantage6 (>=0.0.0 <=3.7.3)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-23929 Source advisory: OSV:PYSEC-2023-54...