21 matches found
vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2026-54445 via vantage6 (>=0.0.0 <=4.9.1)
vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2026-54445 Source advisory: OSV:GHSA-FGMC-2HQJ-86V4...
EUVD-2025-18201
Malicious code in bioql PyPI...
Vantage6 Server JWT secret not cryptographically secure
Impact The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent Patches No Workarounds You may define JWT secret key in the server configuration file...
GHSA-M3MQ-F375-5VGH Vantage6 Server JWT secret not cryptographically secure
Impact The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent Patches No Workarounds You may define JWT secret key in the server configuration file...
vantage6-algorithm-store (>=4.10.0 <=4.10.2), vantage6-node (>=0.0.0 <=4.10.2) +1 more potentially affected by CVE-2025-43863 via vantage6 (>=0.0.0 <=4.10.2)
vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.10.2 Source cves: CVE-2025-43863 Source advisory: OSV:GHSA-J6G5-P62X-58HW...
Insecure Randomness
Overview vantage6-server is a Vantage6 server Affected versions of this package are vulnerable to Insecure Randomness via the configureflask function, due to the predictable nature of the auto-generated secret key, an attacker can determine it and forge valid security tokens. This allows them to...
CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...
CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...
Brute Force
Overview vantage6-server is a Vantage6 server Affected versions of this package are vulnerable to Brute Force due to a lack of rate limiting on the password change functionality. An attacker who has gained access to an authenticated session can attempt to brute-force the user's password. They can...
vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-32969 via vantage6 (>=0.0.0 <=4.5.0)
vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-32969 Source advisory: OSV:GHSA-99R4-CJP4-3HMX...
PT-2024-20105
Name of the Vulnerable Software and Affected Versions vantage6 affected versions not specified Description The vantage6 server has no restrictions on CORS settings, which should be configurable to set allowed origins. The impact is limited because v6 does not use session cookies. Recommendations ...
vantage6-algorithm-store (>=4.10.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-22193 via vantage6 (>=0.0.0 <=4.1.3)
vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-22193 Source advisory: OSV:GHSA-RJMV-52MP-GJRR...
vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-28635 via vantage6 (>=0.0.0 <=3.9.0rc4)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-28635 Source advisory: OSV:GHSA-7X94-6G2M-3HP2...
vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-41882 via vantage6 (>=0.0.0 <=3.9.0rc4)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-41882 Source advisory: OSV:GHSA-GC57-XHH5-M94R...
vantage6-node (>=0.0.0 <=4.0.1rc2), vantage6-server (>=0.0.0 <=4.0.1rc2) potentially affected by CVE-2023-23930 via vantage6 (>=0.0.0 <=4.0.1rc2)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =4.0.1rc2 Source cves: CVE-2023-23930 Source advisory: OSV:GHSA-5M22-CFQ9-86X6...
Improper Access Control
vantage6-server is vulnerable to Improper Access Control. The vulnerability is due to improper permission checks in the /api/collaboration/id/task endpoint which retrieves tasks from a collaboration. Vantage only checks if the user has permission to view the collaboration, but should also check i...
vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-41881 via vantage6 (>=0.0.0 <=3.9.0rc4)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-41881 Source advisory: OSV:PYSEC-2023-200...
vantage6-node (>=3.7.0 <=3.8.0), vantage6-server (>=3.7.0 <=3.8.0) potentially affected by CVE-2023-22738 via vantage6 (>=3.7.0 <=3.8.0)
vantage6 PYPI version =3.7.0, =3.7.0, =3.7.0, =3.8.0 Source cves: CVE-2023-22738 Source advisory: OSV:PYSEC-2023-53...
vantage6-node (>=3.3.3 <=3.7.3), vantage6-server (>=3.3.3 <=3.7.3) potentially affected by CVE-2022-39228 via vantage6 (>=3.3.3 <=3.7.3)
vantage6 PYPI version =3.3.3, =3.3.3, =3.3.3, =3.7.3 Source cves: CVE-2022-39228 Source advisory: OSV:PYSEC-2023-313...
vantage6-node (>=3.3.3 <=3.7.3), vantage6-server (>=3.3.3 <=3.7.3) potentially affected by CVE-2022-39228 via vantage6 (>=3.3.3 <=3.7.3)
vantage6 PYPI version =3.3.3, =3.3.3, =3.3.3, =3.7.3 Source cves: CVE-2022-39228 Source advisory: OSV:PYSEC-2023-52...