PyPI package
vantage6-server
pkg:pypi/vantage6-server
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-43866 | — | | | < 4.11.0 | 4.11.0 | Jun 12, 2025 | vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vu |
| CVE-2024-21671 | — | | | < 4.2.0 | 4.2.0 | Jan 30, 2024 | The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Ver |
| CVE-2023-47631 | — | | | < 4.1.2 | 4.1.2 | Nov 14, 2023 | vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a `parent_id` is set. A malicious party that breaches the server |