Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/vantage6@4.3.0b4

Type pypi

Namespace

Name vantage6

Version 4.3.0b4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.11.0

Latest_non_vulnerable_version 5.0.0

Affected_by_vulnerabilities

url VCID-357c-df3v-h7b6

vulnerability_id VCID-357c-df3v-h7b6

summary vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-24770

reference_id

reference_type

scores

value	0.00198
scoring_system	epss
scoring_elements	0.41986
published_at	2026-06-14T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41996
published_at	2026-06-13T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41976
published_at	2026-06-12T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41812
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-24770

reference_url

https://github.com/vantage6/vantage6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vantage6/vantage6

reference_url

https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b

reference_id

aecfd6d0e83165a41a60ebd52d2287b0217be26b

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:16:22Z/

url

https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-24770

reference_id

CVE-2024-24770

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-24770

reference_url

https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53

reference_id

GHSA-45gq-q4xh-cp53

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:16:22Z/

url

https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53

reference_url

https://github.com/advisories/GHSA-5h3x-6gwf-73jm

reference_id

GHSA-5h3x-6gwf-73jm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5h3x-6gwf-73jm

reference_url

https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm

reference_id

GHSA-5h3x-6gwf-73jm

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:16:22Z/

url

https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm

fixed_packages

url pkg:pypi/vantage6@4.3.0

purl pkg:pypi/vantage6@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8ngj-b1za-nkce

vulnerability	VCID-cmv9-8jyt-guht

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.3.0

aliases CVE-2024-24770, GHSA-5h3x-6gwf-73jm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-357c-df3v-h7b6

url VCID-3xsq-dfwf-f7ce

vulnerability_id VCID-3xsq-dfwf-f7ce

summary vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23823

reference_id

reference_type

scores

value	0.00197
scoring_system	epss
scoring_elements	0.41694
published_at	2026-06-14T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41686
published_at	2026-06-12T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.4152
published_at	2026-06-11T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41704
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23823

reference_url

https://github.com/vantage6/vantage6

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vantage6/vantage6

reference_url

https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41

reference_id

70bb4e1d889230a841eb364d6c03accd7dd01a41

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:18:24Z/

url

https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23823

reference_id

CVE-2024-23823

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23823

reference_url

https://github.com/advisories/GHSA-4946-85pr-fvxh

reference_id

GHSA-4946-85pr-fvxh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4946-85pr-fvxh

reference_url

https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh

reference_id

GHSA-4946-85pr-fvxh

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:18:24Z/

url

https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh

fixed_packages

url pkg:pypi/vantage6@4.3.0

purl pkg:pypi/vantage6@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8ngj-b1za-nkce

vulnerability	VCID-cmv9-8jyt-guht

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.3.0

aliases CVE-2024-23823, GHSA-4946-85pr-fvxh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xsq-dfwf-f7ce

url VCID-8ngj-b1za-nkce

vulnerability_id VCID-8ngj-b1za-nkce

summary vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-32969

reference_id

reference_type

scores

value	0.00197
scoring_system	epss
scoring_elements	0.41729
published_at	2026-06-14T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41721
published_at	2026-06-12T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41555
published_at	2026-06-11T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.4174
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-32969

reference_url

https://github.com/vantage6/vantage6

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vantage6/vantage6

reference_url

https://github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56

reference_id

27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-23T15:35:32Z/

url

https://github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-32969

reference_id

CVE-2024-32969

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-32969

reference_url

https://github.com/advisories/GHSA-99r4-cjp4-3hmx

reference_id

GHSA-99r4-cjp4-3hmx

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-99r4-cjp4-3hmx

reference_url

https://github.com/vantage6/vantage6/security/advisories/GHSA-99r4-cjp4-3hmx

reference_id

GHSA-99r4-cjp4-3hmx

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-23T15:35:32Z/

url

https://github.com/vantage6/vantage6/security/advisories/GHSA-99r4-cjp4-3hmx

fixed_packages

url pkg:pypi/vantage6@4.5.0rc3

purl pkg:pypi/vantage6@4.5.0rc3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmv9-8jyt-guht

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.5.0rc3

aliases CVE-2024-32969, GHSA-99r4-cjp4-3hmx

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ngj-b1za-nkce

url VCID-cmv9-8jyt-guht

vulnerability_id VCID-cmv9-8jyt-guht

summary vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43863

reference_id

reference_type

scores

value	0.00316
scoring_system	epss
scoring_elements	0.55217
published_at	2026-06-13T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.55204
published_at	2026-06-14T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.55079
published_at	2026-06-11T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.552
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43863

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2025-220.yaml

reference_id

reference_type

scores

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2025-220.yaml

reference_url

https://github.com/vantage6/vantage6

reference_id

reference_type

scores

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vantage6/vantage6

reference_url

https://github.com/vantage6/vantage6/commit/e0f1841b310f6f610e8137db2506cf683ce154d0

reference_id

reference_type

scores

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vantage6/vantage6/commit/e0f1841b310f6f610e8137db2506cf683ce154d0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43863

reference_id

reference_type

scores

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43863

reference_url

https://github.com/advisories/GHSA-j6g5-p62x-58hw

reference_id

GHSA-j6g5-p62x-58hw

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j6g5-p62x-58hw

reference_url

https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw

reference_id

GHSA-j6g5-p62x-58hw

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T17:54:31Z/

url

https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw

fixed_packages

url	pkg:pypi/vantage6@4.11.0
purl	pkg:pypi/vantage6@4.11.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.11.0

url	pkg:pypi/vantage6@5.0.0a0
purl	pkg:pypi/vantage6@5.0.0a0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@5.0.0a0

aliases CVE-2025-43863, GHSA-j6g5-p62x-58hw, PYSEC-2025-220

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmv9-8jyt-guht

Fixing_vulnerabilities

Risk_score 4.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.3.0b4

Package Instance