Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/nvflare@1.1.0

Type pypi

Namespace

Name nvflare

Version 1.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.7.2

Latest_non_vulnerable_version 2.7.2

Affected_by_vulnerabilities

url VCID-ckay-6d62-ekb6

vulnerability_id VCID-ckay-6d62-ekb6

summary NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31605

reference_id

reference_type

scores

value	0.02435
scoring_system	epss
scoring_elements	0.85439
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31605

reference_url

https://github.com/NVIDIA/NVFlare

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare

reference_url

https://github.com/NVIDIA/NVFlare/commit/4de9782697ecb12f39bcae83221bd8d3498959be

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/commit/4de9782697ecb12f39bcae83221bd8d3498959be

reference_url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-232.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-232.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31605

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31605

fixed_packages

url pkg:pypi/nvflare@2.1.2

purl pkg:pypi/nvflare@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.2

aliases CVE-2022-31605, GHSA-hrf3-622q-8366, PYSEC-2022-232

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckay-6d62-ekb6

url VCID-hent-veuq-mfga

vulnerability_id VCID-hent-veuq-mfga

summary NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

references

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24178

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24178

reference_url

https://nvidia.custhelp.com/app/answers/detail/a_id/5819

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvidia.custhelp.com/app/answers/detail/a_id/5819

reference_url

https://www.cve.org/CVERecord?id=CVE-2026-24178

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://www.cve.org/CVERecord?id=CVE-2026-24178

fixed_packages

url	pkg:pypi/nvflare@2.7.2
purl	pkg:pypi/nvflare@2.7.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.7.2

aliases CVE-2026-24178, PYSEC-2026-100

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hent-veuq-mfga

url VCID-hqup-r5bc-z3gk

vulnerability_id VCID-hqup-r5bc-z3gk

summary NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

references

reference_url

http://packetstormsecurity.com/files/171483/NVFLARE-Unsafe-Deserialization.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/171483/NVFLARE-Unsafe-Deserialization.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34668

reference_id

reference_type

scores

value	0.2245
scoring_system	epss
scoring_elements	0.95941
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34668

reference_url

https://github.com/NVIDIA/NVFlare

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare

reference_url

https://github.com/NVIDIA/NVFlare/commit/6cde16f3f4711583ae4d896dfcc125d25c7d5b0d

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/commit/6cde16f3f4711583ae4d896dfcc125d25c7d5b0d

reference_url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-6qv6-q77g-7qm6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-6qv6-q77g-7qm6

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-257.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-257.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34668

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34668

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/remote/51051.txt
reference_id	CVE-2022-34668
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/remote/51051.txt

fixed_packages

url pkg:pypi/nvflare@2.1.4

purl pkg:pypi/nvflare@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hent-veuq-mfga

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.4

aliases CVE-2022-34668, GHSA-6qv6-q77g-7qm6, PYSEC-2022-257

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqup-r5bc-z3gk

url VCID-wps3-9req-s7bt

vulnerability_id VCID-wps3-9req-s7bt

summary NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31604

reference_id

reference_type

scores

value	0.02435
scoring_system	epss
scoring_elements	0.85439
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31604

reference_url

https://github.com/NVIDIA/NVFlare

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare

reference_url

https://github.com/NVIDIA/NVFlare/commit/fd018eea9dff925a765079a94c2f017920fcda67

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/commit/fd018eea9dff925a765079a94c2f017920fcda67

reference_url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-231.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-231.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31604

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31604

fixed_packages

url pkg:pypi/nvflare@2.1.2

purl pkg:pypi/nvflare@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.2

aliases CVE-2022-31604, GHSA-rcxc-3w2m-mp8h, PYSEC-2022-231

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wps3-9req-s7bt

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@1.1.0

Package Instance