VYPR

PyPI package

vantage6-server

pkg:pypi/vantage6-server

Vulnerabilities (3)

  • CVE-2025-43866Jun 12, 2025
    affected < 4.11.0fixed 4.11.0

    vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vu

  • CVE-2024-21671Jan 30, 2024
    affected < 4.2.0fixed 4.2.0

    The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Ver

  • CVE-2023-47631Nov 14, 2023
    affected < 4.1.2fixed 4.1.2

    vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a `parent_id` is set. A malicious party that breaches the server