Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/vantage6@4.3.2rc2
Type pypi
Namespace
Name vantage6
Version 4.3.2rc2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.11.0
Latest_non_vulnerable_version 5.0.0
Affected_by_vulnerabilities
0
url VCID-8ngj-b1za-nkce
vulnerability_id VCID-8ngj-b1za-nkce
summary vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. Only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32969
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41729
published_at 2026-06-14T12:55:00Z
1
value 0.00197
scoring_system epss
scoring_elements 0.41721
published_at 2026-06-12T12:55:00Z
2
value 0.00197
scoring_system epss
scoring_elements 0.41555
published_at 2026-06-11T12:55:00Z
3
value 0.00197
scoring_system epss
scoring_elements 0.4174
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32969
1
reference_url https://github.com/vantage6/vantage6
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vantage6/vantage6
2
reference_url https://github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56
reference_id 27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-23T15:35:32Z/
url https://github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32969
reference_id CVE-2024-32969
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32969
4
reference_url https://github.com/advisories/GHSA-99r4-cjp4-3hmx
reference_id GHSA-99r4-cjp4-3hmx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99r4-cjp4-3hmx
5
reference_url https://github.com/vantage6/vantage6/security/advisories/GHSA-99r4-cjp4-3hmx
reference_id GHSA-99r4-cjp4-3hmx
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-23T15:35:32Z/
url https://github.com/vantage6/vantage6/security/advisories/GHSA-99r4-cjp4-3hmx
fixed_packages
0
url pkg:pypi/vantage6@4.5.0rc3
purl pkg:pypi/vantage6@4.5.0rc3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmv9-8jyt-guht
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.5.0rc3
aliases CVE-2024-32969, GHSA-99r4-cjp4-3hmx
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ngj-b1za-nkce
1
url VCID-cmv9-8jyt-guht
vulnerability_id VCID-cmv9-8jyt-guht
summary vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely, which will return the message that the password is wrong until it is correct. This vulnerability is fixed in 4.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43863
reference_id
reference_type
scores
0
value 0.00316
scoring_system epss
scoring_elements 0.55217
published_at 2026-06-13T12:55:00Z
1
value 0.00316
scoring_system epss
scoring_elements 0.55204
published_at 2026-06-14T12:55:00Z
2
value 0.00316
scoring_system epss
scoring_elements 0.55079
published_at 2026-06-11T12:55:00Z
3
value 0.00316
scoring_system epss
scoring_elements 0.552
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43863
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2025-220.yaml
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2025-220.yaml
2
reference_url https://github.com/vantage6/vantage6
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vantage6/vantage6
3
reference_url https://github.com/vantage6/vantage6/commit/e0f1841b310f6f610e8137db2506cf683ce154d0
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vantage6/vantage6/commit/e0f1841b310f6f610e8137db2506cf683ce154d0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43863
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43863
5
reference_url https://github.com/advisories/GHSA-j6g5-p62x-58hw
reference_id GHSA-j6g5-p62x-58hw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6g5-p62x-58hw
6
reference_url https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw
reference_id GHSA-j6g5-p62x-58hw
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T17:54:31Z/
url https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw
fixed_packages
0
url pkg:pypi/vantage6@4.11.0
purl pkg:pypi/vantage6@4.11.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.11.0
1
url pkg:pypi/vantage6@5.0.0a0
purl pkg:pypi/vantage6@5.0.0a0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@5.0.0a0
aliases CVE-2025-43863, GHSA-j6g5-p62x-58hw, PYSEC-2025-220
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmv9-8jyt-guht
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vantage6@4.3.2rc2