Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/vantage6@4.10.0rc1

Type pypi

Namespace

Name vantage6

Version 4.10.0rc1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.11.0

Latest_non_vulnerable_version 4.11.0

Affected_by_vulnerabilities

url VCID-cc7t-us5t-ffbb

vulnerability_id VCID-cc7t-us5t-ffbb

summary vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.

references

reference_url

https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw

fixed_packages

url	pkg:pypi/vantage6@4.11.0
purl	pkg:pypi/vantage6@4.11.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.11.0

aliases CVE-2025-43863, GHSA-j6g5-p62x-58hw, PYSEC-2025-220

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cc7t-us5t-ffbb

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.10.0rc1

Package Instance