pkg:PyPI/vantage6

25 total CVEs: CRITICAL 2, HIGH 6, MEDIUM 11, LOW 6

All known vulnerabilities

  • CRITICAL 9.8, CVE-2025-43863: vantage6 lacks brute-force protection on change password functionality
    from 0, < 4.11.0
  • CRITICAL 9.8, CVE-2025-43863: vantage6 lacks brute-force protection on change password functionality
    from 0, < 4.11.0
  • HIGH 8.8, CVE-2024-21649: vantage6 remote code execution vulnerability
    from 0, < 4.2.0
  • HIGH 8.8, CVE-2024-21649: vantage6 remote code execution vulnerability
    from 0, < eac19db737145d3ca987adf037a454fae0790ddd | from 0, < 4.2.0
  • HIGH 8.8, CVE-2023-23929: vantage6 refresh tokens do not expire
    from 0, < 48ebfca42359e9a6743e9598684585e2522cdce8 | from 0, < 3.8.0
  • HIGH 8.8, CVE-2023-23929: vantage6 refresh tokens do not expire
    from 0, < 3.8.0
  • HIGH 7.2, CVE-2023-23930: Pickle serialization vulnerable to Deserialization of Untrusted Data
    from 0, < 4.0.2
  • HIGH 7.2, CVE-2023-23930: Pickle serialization vulnerable to Deserialization of Untrusted Data
    from 0, < e62f03bacf2247bd59eed217e2e7338c3a01a5f0 | from 0, < 4.0.2
  • MEDIUM 6.5, CVE-2024-21653: vantage6 has insecure SSH configuration for node and server containers
    from 0, < 4.2.0
  • MEDIUM 6.5, CVE-2023-22738: vantage6 vulnerable to Improper Preservation of Permissions
    from 0, < 3.8.0
  • MEDIUM 6.5, CVE-2023-22738: vantage6 vulnerable to Improper Preservation of Permissions
    from 0, < 798aca1de142a4eca175ef51112e2235642f4f24 | from 0, < 3.6.1, >= 3.7.0, < 3.8.0rc3
  • MEDIUM 6.5, CVE-2022-39228: vantage6 vulnerable to Observable Response Discrepancy
    from 0, < 3.8.0
  • MEDIUM 6.5, CVE-2022-39228: vantage6 vulnerable to Observable Response Discrepancy
    >= 3.3.3, < 3.8.0
  • MEDIUM 6.5, CVE-2022-39228: vantage6 vulnerable to Observable Response Discrepancy
    from 0, < ab4381c35d24add06f75d5a8a284321f7a340bd2 | >= 3.3.3, < 3.8.0
  • MEDIUM 5.4, CVE-2023-28635: Defining resource name as integer may give unintended access in vantage6
    from 0, < 4.0.0
  • MEDIUM 5.4, CVE-2023-41882: Improper Access Control in vantage6
    from 0, < 4.0.0
  • MEDIUM 5.4, CVE-2023-41882: Improper Access Control in vantage6
    from 0, < 4.0.0
  • MEDIUM 5.3, CVE-2024-24770: vantage6 vulnerable to a username timing attack on recover password/MFA token
    from 0, < 4.3.0
  • MEDIUM 4.2, CVE-2024-23823: vantage6's CORS settings overly permissive
    from 0, < 4.3.0
  • LOW 3.7, CVE-2024-21671: vantage6 vulnerable to username timing attack
    from 0, < 389f416c445da4f2438c72f34c3b1084485c4e30 | from 0, < 4.2.0
  • LOW 3.7, CVE-2023-41881: vantage6 does not properly delete linked resources when deleting a collaboration
    from 0, < 4.0.0
  • LOW 3.7, CVE-2023-41881: vantage6 does not properly delete linked resources when deleting a collaboration
    from 0, < 4.0.0
  • LOW 3.5, CVE-2024-22193: vantage6 may create unencrypted tasks in encrypted collaboration
    from 0, < 6383283733b81abfcacfec7538dc4dc882e98074 | from 0, < 4.2.0
  • LOW 3.5, CVE-2024-22193: vantage6 may create unencrypted tasks in encrypted collaboration
    from 0, < 4.2.0
  • LOW 2.7, CVE-2024-32969: vantage6 collaboration admins can extend their influence by expanding the collaboration
    from 0, < 4.5.0rc3