Lookup for vulnerable packages by Package URL.

Purl: pkg:pypi/nvflare@0.9.0
Type: pypi
Namespace:
Name: nvflare
Version: 0.9.0
Qualifiers:
Subpath:
Is_vulnerable: true
Next_non_vulnerable_version: 2.7.2
Latest_non_vulnerable_version: 2.7.2
Affected_by_vulnerabilities:
  0
    url: VCID-ckay-6d62-ekb6
    vulnerability_id: VCID-ckay-6d62-ekb6
    summary: NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). This deserialization of untrusted data may allow an unprivileged network attacker to cause remote code execution, denial of service, and impact to both confidentiality and integrity.
    references:
      0
        reference_url: https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366
        reference_id:
        reference_type:
        scores:
        url: https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366
    fixed_packages:
      0
        url: pkg:pypi/nvflare@2.1.2
        purl: pkg:pypi/nvflare@2.1.2
        is_vulnerable: true
        affected_by_vulnerabilities:
          0
            vulnerability: VCID-hent-veuq-mfga
          1
            vulnerability: VCID-hqup-r5bc-z3gk
        resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.2
    aliases: CVE-2022-31605, GHSA-hrf3-622q-8366, PYSEC-2022-232
    risk_score: null
    exploitability: null
    weighted_severity: null
    resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-ckay-6d62-ekb6
  1
    url: VCID-hent-veuq-mfga
    vulnerability_id: VCID-hent-veuq-mfga
    summary: NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.
    references:
      0
        reference_url: https://nvd.nist.gov/vuln/detail/CVE-2026-24178
        reference_id:
        reference_type:
        scores:
          0
            value: 9.8
            scoring_system: cvssv3.1
            scoring_elements: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
        url: https://nvd.nist.gov/vuln/detail/CVE-2026-24178
      1
        reference_url: https://nvidia.custhelp.com/app/answers/detail/a_id/5819
        reference_id:
        reference_type:
        scores:
          0
            value: 9.8
            scoring_system: cvssv3.1
            scoring_elements: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
        url: https://nvidia.custhelp.com/app/answers/detail/a_id/5819
      2
        reference_url: https://www.cve.org/CVERecord?id=CVE-2026-24178
        reference_id:
        reference_type:
        scores:
          0
            value: 9.8
            scoring_system: cvssv3.1
            scoring_elements: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
        url: https://www.cve.org/CVERecord?id=CVE-2026-24178
    fixed_packages:
      0
        url: pkg:pypi/nvflare@2.7.2
        purl: pkg:pypi/nvflare@2.7.2
        is_vulnerable: false
        affected_by_vulnerabilities:
        resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.7.2
    aliases: CVE-2026-24178, PYSEC-2026-100
    risk_score: null
    exploitability: null
    weighted_severity: null
    resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-hent-veuq-mfga
  2
    url: VCID-hqup-r5bc-z3gk
    vulnerability_id: VCID-hqup-r5bc-z3gk
    summary: NVFLARE, versions prior to 2.1.4, contains a vulnerability where deserialization of untrusted data via pickle may allow an unprivileged network attacker to cause remote code execution, denial of service, and impact to both confidentiality and integrity.
    references:
      0
        reference_url: https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-6qv6-q77g-7qm6
        reference_id:
        reference_type:
        scores:
        url: https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-6qv6-q77g-7qm6
    fixed_packages:
      0
        url: pkg:pypi/nvflare@2.1.4
        purl: pkg:pypi/nvflare@2.1.4
        is_vulnerable: true
        affected_by_vulnerabilities:
          0
            vulnerability: VCID-hent-veuq-mfga
        resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.4
    aliases: CVE-2022-34668, GHSA-6qv6-q77g-7qm6, PYSEC-2022-257
    risk_score: null
    exploitability: null
    weighted_severity: null
    resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-hqup-r5bc-z3gk
  3
    url: VCID-wps3-9req-s7bt
    vulnerability_id: VCID-wps3-9req-s7bt
    summary: NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are transported via pickle without safe deserialization. This deserialization of untrusted data may allow an unprivileged network attacker to cause remote code execution, denial of service, and impact to both confidentiality and integrity.
    references:
      0
        reference_url: https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h
        reference_id:
        reference_type:
        scores:
        url: https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h
    fixed_packages:
      0
        url: pkg:pypi/nvflare@2.1.2
        purl: pkg:pypi/nvflare@2.1.2
        is_vulnerable: true
        affected_by_vulnerabilities:
          0
            vulnerability: VCID-hent-veuq-mfga
          1
            vulnerability: VCID-hqup-r5bc-z3gk
        resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.2
    aliases: CVE-2022-31604, GHSA-rcxc-3w2m-mp8h, PYSEC-2022-231
    risk_score: null
    exploitability: null
    weighted_severity: null
    resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-wps3-9req-s7bt
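Two of the entries above (CVE-2022-34668 and CVE-2022-31604) describe the same bug class: bytes received from a network peer are handed to pickle, and pickle will import and call any global the sender names before the application sees the object. The following Python is an added example, not NVFlare's code and not the patch the advisories refer to. The Credential class, the side_effect recorder and the wire bytes are constructed for this illustration; a real payload would call os.system or subprocess where side_effect is called here. It shows the vulnerable pickle.loads pattern beside a loader that allowlists the one class it expects.

```python
import io
import pickle

# Records what a hostile pickle managed to execute. A real payload would call
# os.system or subprocess here; a harmless recorder keeps the example safe.
executed = []


def side_effect(marker):
    executed.append(marker)
    return marker


class Credential:
    """Stand-in (constructed for this example) for the CA material the
    advisory says was shipped as a pickle."""

    def __init__(self, name, cert_pem):
        self.name = name
        self.cert_pem = cert_pem


class Exploit:
    """Its pickled form instructs the loader to call side_effect("pwned")
    during deserialisation, before any application code runs."""

    def __reduce__(self):
        return (side_effect, ("pwned",))


def build_benign_pickle():
    cred = Credential("server1", "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----")
    return pickle.dumps(cred, protocol=4)


def build_malicious_pickle():
    return pickle.dumps(Exploit(), protocol=4)


def unsafe_load(data):
    """Vulnerable pattern: pickle.loads on bytes received from a peer."""
    return pickle.loads(data)


# Only this class may be reconstructed; every other global reference
# (functions, builtins, os/subprocess entry points) is refused.
ALLOWED_GLOBALS = {(Credential.__module__, "Credential")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def safe_load(data):
    """Hardened pattern: same wire format, but code references are allowlisted."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_outcome(loader, data):
    """Return ("ok", value) or ("rejected", message) so both loaders compare alike."""
    try:
        return ("ok", loader(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print(load_outcome(unsafe_load, build_malicious_pickle()), executed)
    print(load_outcome(safe_load, build_malicious_pickle()), executed)
```

The find_class allowlist is defence in depth, not the fix: the durable remedy is to stop sending pickles between parties at all and carry credentials as PEM or JSON, which is the same reasoning behind replacing yaml.load() with yaml.safe_load() in the CVE-2022-31605 entry above.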
Fixing_vulnerabilities:
Risk_score: null
Resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@0.9.0
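Note how the record's top-level fields follow from the per-advisory data: 0.9.0 is below every fixed version, so it is vulnerable to all four VCIDs, and the fixed packages 2.1.2 and 2.1.4 are themselves still affected by later advisories, which is why both Next_non_vulnerable_version and Latest_non_vulnerable_version jump straight to 2.7.2. The Python below is an added example of that resolution, not VulnerableCode's implementation. It assumes "affected" means "strictly older than the listed fix" (the page shows only fixed versions, while the service keeps explicit affected ranges), compares versions as plain dotted integers rather than full PEP 440, and searches a constructed release list; only the four versions named on the page are taken from the record.

```python
# Constructed from this page's record for pkg:pypi/nvflare@0.9.0: each VCID
# with the version the page lists as fixing it. "Affected" is modelled as
# "strictly older than the fix", an assumption of this example.
ADVISORIES = {
    "VCID-ckay-6d62-ekb6": {"aliases": ["CVE-2022-31605"], "fixed_in": "2.1.2"},
    "VCID-wps3-9req-s7bt": {"aliases": ["CVE-2022-31604"], "fixed_in": "2.1.2"},
    "VCID-hqup-r5bc-z3gk": {"aliases": ["CVE-2022-34668"], "fixed_in": "2.1.4"},
    "VCID-hent-veuq-mfga": {"aliases": ["CVE-2026-24178"], "fixed_in": "2.7.2"},
}

# Hypothetical release list to search; a real tool would read the PyPI index.
# Only 0.9.0, 2.1.2, 2.1.4 and 2.7.2 come from the page, the rest are filler.
KNOWN_RELEASES = ["0.9.0", "2.0.0", "2.1.2", "2.1.4", "2.2.0", "2.5.0", "2.7.0", "2.7.2"]


def parse_purl(purl):
    """Split pkg:type/[namespace/]name@version[?qualifiers][#subpath]."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a package URL: %r" % purl)
    body = purl[len("pkg:"):]
    # Qualifiers and subpath do not influence the version lookup.
    body = body.split("#", 1)[0].split("?", 1)[0]
    ptype, _, rest = body.partition("/")
    path, _, version = rest.rpartition("@")
    if not ptype or not path or not version:
        raise ValueError("purl must carry type, name and version: %r" % purl)
    namespace, _, name = path.rpartition("/")
    return {"type": ptype, "namespace": namespace, "name": name, "version": version}


def version_key(version):
    """Simplified ordering: dotted integers only (assumption; PEP 440 is richer)."""
    return tuple(int(part) for part in version.split("."))


def affecting(version):
    """VCIDs whose fix is newer than the given version."""
    key = version_key(version)
    return {vcid for vcid, adv in ADVISORIES.items() if key < version_key(adv["fixed_in"])}


def next_non_vulnerable(version, releases=KNOWN_RELEASES):
    """Smallest known release newer than `version` that no advisory affects."""
    key = version_key(version)
    newer = sorted((r for r in releases if version_key(r) > key), key=version_key)
    for candidate in newer:
        if not affecting(candidate):
            return candidate
    return None


def latest_non_vulnerable(releases=KNOWN_RELEASES):
    """Highest known release that no advisory affects."""
    clean = [r for r in releases if not affecting(r)]
    return max(clean, key=version_key) if clean else None


def lookup(purl):
    """Reproduce the page's headline fields for a purl from the advisory table."""
    parsed = parse_purl(purl)
    hits = affecting(parsed["version"])
    return {
        "purl": purl,
        "name": parsed["name"],
        "version": parsed["version"],
        "is_vulnerable": bool(hits),
        "affected_by": sorted(hits),
        "next_non_vulnerable_version": next_non_vulnerable(parsed["version"]),
        "latest_non_vulnerable_version": latest_non_vulnerable(),
    }


if __name__ == "__main__":
    for purl in ("pkg:pypi/nvflare@0.9.0", "pkg:pypi/nvflare@2.1.2", "pkg:pypi/nvflare@2.7.2"):
        print(lookup(purl))
```

The practical check this encodes: never treat a fixed_packages entry as the upgrade target on its own; resolve the version that clears every advisory for the package, which is what the record's Next_non_vulnerable_version already does for you.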