Search for packages
| purl | pkg:pypi/vantage6-server@4.3.4rc3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6jat-4q94-nkhx
Aliases: CVE-2025-43866 GHSA-m3mq-f375-5vgh PYSEC-2025-221 |
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T05:52:27.785365+00:00 | GitLab Importer | Affected by | VCID-6jat-4q94-nkhx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/vantage6-server/CVE-2025-43866.yml | 38.6.0 |
| 2026-06-05T17:04:36.885210+00:00 | PyPI Importer | Affected by | VCID-6jat-4q94-nkhx | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-06-02T04:23:10.644632+00:00 | Pypa Importer | Affected by | VCID-6jat-4q94-nkhx | https://github.com/pypa/advisory-database/blob/main/vulns/vantage6-server/PYSEC-2025-221.yaml | 38.6.0 |