VulnerableCode Package Details - pkg:pypi/nvflare@2.0.16

Search for packages

Vulnerability	Summary	Fixed by
VCID-ckay-6d62-ekb6 Aliases: CVE-2022-31605 GHSA-hrf3-622q-8366 GMS-2022-2629 PYSEC-2022-232	NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.	2.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hent-veuq-mfga Aliases: CVE-2026-24178 PYSEC-2026-100	NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.	2.7.2 Affected by 0 other vulnerabilities.
VCID-hqup-r5bc-z3gk Aliases: CVE-2022-34668 GHSA-6qv6-q77g-7qm6 PYSEC-2022-257	NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.	2.1.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wps3-9req-s7bt Aliases: CVE-2022-31604 GHSA-rcxc-3w2m-mp8h GMS-2022-2730 PYSEC-2022-231	NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.	2.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ckay-6d62-ekb6
Aliases:
CVE-2022-31605
GHSA-hrf3-622q-8366
GMS-2022-2629
PYSEC-2022-232

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

2.1.2
Affected by 2 other vulnerabilities.

VCID-hent-veuq-mfga
Aliases:
CVE-2026-24178
PYSEC-2026-100

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

2.7.2
Affected by 0 other vulnerabilities.

VCID-hqup-r5bc-z3gk
Aliases:
CVE-2022-34668
GHSA-6qv6-q77g-7qm6
PYSEC-2022-257

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

2.1.4
Affected by 1 other vulnerability.

VCID-wps3-9req-s7bt
Aliases:
CVE-2022-31604
GHSA-rcxc-3w2m-mp8h
GMS-2022-2730
PYSEC-2022-231

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

2.1.2
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-g8cz-vwk7-sucr	Allocation of Resources Without Limits or Throttling in nvflare NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable.	CVE-2022-21822 GHSA-jx8f-cpx7-fv47

Vulnerability

Summary

Aliases

VCID-g8cz-vwk7-sucr

Allocation of Resources Without Limits or Throttling in nvflare NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable.

CVE-2022-21822
GHSA-jx8f-cpx7-fv47

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T02:47:54.131832+00:00	GitLab Importer	Affected by	VCID-hqup-r5bc-z3gk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nvflare/CVE-2022-34668.yml	38.6.0
2026-06-06T02:40:05.237167+00:00	GitLab Importer	Affected by	VCID-ckay-6d62-ekb6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nvflare/CVE-2022-31605.yml	38.6.0
2026-06-06T02:39:55.325928+00:00	GitLab Importer	Affected by	VCID-wps3-9req-s7bt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nvflare/CVE-2022-31604.yml	38.6.0
2026-06-05T21:21:14.891593+00:00	GHSA Importer	Fixing	VCID-g8cz-vwk7-sucr	https://github.com/advisories/GHSA-jx8f-cpx7-fv47	38.6.0
2026-06-05T17:05:22.970855+00:00	PyPI Importer	Affected by	VCID-hent-veuq-mfga	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:02:07.592027+00:00	PyPI Importer	Affected by	VCID-hqup-r5bc-z3gk	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:02:04.416002+00:00	PyPI Importer	Affected by	VCID-wps3-9req-s7bt	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:02:04.356324+00:00	PyPI Importer	Affected by	VCID-ckay-6d62-ekb6	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-04T17:52:33.436794+00:00	GithubOSV Importer	Fixing	VCID-g8cz-vwk7-sucr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-jx8f-cpx7-fv47/GHSA-jx8f-cpx7-fv47.json	38.6.0
2026-06-02T04:41:51.034627+00:00	GitLab Importer	Fixing	VCID-g8cz-vwk7-sucr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nvflare/CVE-2022-21822.yml	38.6.0
2026-06-02T04:24:55.929875+00:00	Pypa Importer	Affected by	VCID-hent-veuq-mfga	https://github.com/pypa/advisory-database/blob/main/vulns/nvflare/PYSEC-2026-100.yaml	38.6.0
2026-06-02T04:17:34.855638+00:00	Pypa Importer	Affected by	VCID-hqup-r5bc-z3gk	https://github.com/pypa/advisory-database/blob/main/vulns/nvflare/PYSEC-2022-257.yaml	38.6.0
2026-06-02T04:17:27.331985+00:00	Pypa Importer	Affected by	VCID-wps3-9req-s7bt	https://github.com/pypa/advisory-database/blob/main/vulns/nvflare/PYSEC-2022-231.yaml	38.6.0
2026-06-02T04:17:27.194842+00:00	Pypa Importer	Affected by	VCID-ckay-6d62-ekb6	https://github.com/pypa/advisory-database/blob/main/vulns/nvflare/PYSEC-2022-232.yaml	38.6.0