Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/nvflare@1.0.2

Type pypi

Namespace

Name nvflare

Version 1.0.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.7.2

Latest_non_vulnerable_version 2.7.2

Affected_by_vulnerabilities

url VCID-1dyc-w4vr-87fg

vulnerability_id VCID-1dyc-w4vr-87fg

summary NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24178

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48527
published_at	2026-06-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4839
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24178

reference_url

https://github.com/advisories/GHSA-jqp3-qrgh-4846

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jqp3-qrgh-4846

reference_url

https://github.com/NVIDIA/NVFlare

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2026-100.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2026-100.yaml

reference_url

https://nvidia.custhelp.com/app/answers/detail/a_id/5819

reference_id

5819

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:42:52Z/

url

https://nvidia.custhelp.com/app/answers/detail/a_id/5819

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24178

reference_id

CVE-2026-24178

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:42:52Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24178

reference_url

https://www.cve.org/CVERecord?id=CVE-2026-24178

reference_id

CVERecord?id=CVE-2026-24178

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:42:52Z/

url

https://www.cve.org/CVERecord?id=CVE-2026-24178

fixed_packages

url	pkg:pypi/nvflare@2.7.2
purl	pkg:pypi/nvflare@2.7.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.7.2

aliases CVE-2026-24178, GHSA-jqp3-qrgh-4846, PYSEC-2026-100

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1dyc-w4vr-87fg

url VCID-4k7s-bxw9-4qer

vulnerability_id VCID-4k7s-bxw9-4qer

summary Unsafe deserialisation in the PKI implementation scheme of NVFlare

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31604

reference_id

reference_type

scores

value	0.02435
scoring_system	epss
scoring_elements	0.8554
published_at	2026-06-12T12:55:00Z

value	0.02435
scoring_system	epss
scoring_elements	0.85489
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31604

reference_url

https://github.com/NVIDIA/NVFlare

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare

reference_url

https://github.com/NVIDIA/NVFlare/commit/fd018eea9dff925a765079a94c2f017920fcda67

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/commit/fd018eea9dff925a765079a94c2f017920fcda67

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-231.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-231.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31604

reference_id

CVE-2022-31604

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31604

reference_url

https://github.com/advisories/GHSA-rcxc-3w2m-mp8h

reference_id

GHSA-rcxc-3w2m-mp8h

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rcxc-3w2m-mp8h

reference_url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h

reference_id

GHSA-rcxc-3w2m-mp8h

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h

fixed_packages

url pkg:pypi/nvflare@2.1.2

purl pkg:pypi/nvflare@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1dyc-w4vr-87fg

vulnerability	VCID-qwpq-4ac7-qkhk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.2

aliases CVE-2022-31604, GHSA-rcxc-3w2m-mp8h, PYSEC-2022-231

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4k7s-bxw9-4qer

url VCID-qwpq-4ac7-qkhk

vulnerability_id VCID-qwpq-4ac7-qkhk

summary NVFLARE unsafe deserialization due to Pickle

references

reference_url

http://packetstormsecurity.com/files/171483/NVFLARE-Unsafe-Deserialization.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/171483/NVFLARE-Unsafe-Deserialization.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34668

reference_id

reference_type

scores

value	0.2245
scoring_system	epss
scoring_elements	0.95963
published_at	2026-06-11T12:55:00Z

value	0.2245
scoring_system	epss
scoring_elements	0.95975
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34668

reference_url

https://github.com/NVIDIA/NVFlare

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare

reference_url

https://github.com/NVIDIA/NVFlare/commit/6cde16f3f4711583ae4d896dfcc125d25c7d5b0d

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/commit/6cde16f3f4711583ae4d896dfcc125d25c7d5b0d

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-257.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-257.yaml

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/remote/51051.txt
reference_id	CVE-2022-34668
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/remote/51051.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34668

reference_id

CVE-2022-34668

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34668

reference_url

https://github.com/advisories/GHSA-6qv6-q77g-7qm6

reference_id

GHSA-6qv6-q77g-7qm6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6qv6-q77g-7qm6

reference_url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-6qv6-q77g-7qm6

reference_id

GHSA-6qv6-q77g-7qm6

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-6qv6-q77g-7qm6

fixed_packages

url pkg:pypi/nvflare@2.1.4

purl pkg:pypi/nvflare@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1dyc-w4vr-87fg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.4

aliases CVE-2022-34668, GHSA-6qv6-q77g-7qm6, PYSEC-2022-257

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwpq-4ac7-qkhk

url VCID-vgy5-cuxd-uud2

vulnerability_id VCID-vgy5-cuxd-uud2

summary Unsafe yaml deserialization in NVFlare

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31605

reference_id

reference_type

scores

value	0.02435
scoring_system	epss
scoring_elements	0.8554
published_at	2026-06-12T12:55:00Z

value	0.02435
scoring_system	epss
scoring_elements	0.85489
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31605

reference_url

https://github.com/NVIDIA/NVFlare

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare

reference_url

https://github.com/NVIDIA/NVFlare/commit/4de9782697ecb12f39bcae83221bd8d3498959be

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/commit/4de9782697ecb12f39bcae83221bd8d3498959be

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-232.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-232.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31605

reference_id

CVE-2022-31605

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31605

reference_url

https://github.com/advisories/GHSA-hrf3-622q-8366

reference_id

GHSA-hrf3-622q-8366

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hrf3-622q-8366

reference_url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366

reference_id

GHSA-hrf3-622q-8366

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366

fixed_packages

url pkg:pypi/nvflare@2.1.2

purl pkg:pypi/nvflare@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1dyc-w4vr-87fg

vulnerability	VCID-qwpq-4ac7-qkhk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.2

aliases CVE-2022-31605, GHSA-hrf3-622q-8366, PYSEC-2022-232

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgy5-cuxd-uud2

url VCID-w8k4-8rc1-hbey

vulnerability_id VCID-w8k4-8rc1-hbey

summary Allocation of Resources Without Limits or Throttling in nvflare

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21822

reference_id

reference_type

scores

value	0.00446
scoring_system	epss
scoring_elements	0.63883
published_at	2026-06-11T12:55:00Z

value	0.00446
scoring_system	epss
scoring_elements	0.63985
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21822

reference_url

https://github.com/NVIDIA/NVFlare

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21822

reference_id

CVE-2022-21822

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21822

reference_url

https://github.com/advisories/GHSA-jx8f-cpx7-fv47

reference_id

GHSA-jx8f-cpx7-fv47

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jx8f-cpx7-fv47

reference_url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-jx8f-cpx7-fv47

reference_id

GHSA-jx8f-cpx7-fv47

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-jx8f-cpx7-fv47

fixed_packages

url pkg:pypi/nvflare@2.0.16

purl pkg:pypi/nvflare@2.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1dyc-w4vr-87fg

vulnerability	VCID-4k7s-bxw9-4qer

vulnerability	VCID-qwpq-4ac7-qkhk

vulnerability	VCID-vgy5-cuxd-uud2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.16

aliases CVE-2022-21822, GHSA-jx8f-cpx7-fv47

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8k4-8rc1-hbey

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@1.0.2

Package Instance