Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

vantage6 — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting vantage6. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vantage6 is a federated learning platform enabling collaborative data analysis without centralizing sensitive information. Historically, it has faced vulnerabilities across multiple classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with 19 CVEs documented. The platform's distributed architecture introduces unique attack surfaces, particularly in node communication and authentication mechanisms. While no major public security incidents have been widely reported, the consistent presence of diverse CVEs suggests ongoing challenges in securing its complex distributed environment. The platform's security posture appears to prioritize functionality over robustness, with vulnerabilities spanning input validation, access control, and secure communication flaws.

Found 17 results / 19Clear Filters
Top products by vantage6: vantage6 vantage6-UI
CVE IDTitleCVSSSeverityPublished
CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure — vantage6CWE-330 6.5AIMediumAI2025-06-12
CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality — vantage6CWE-307 8.8AIHighAI2025-06-12
CVE-2024-32969 vantage6 collaboration admins can extend their influence by expanding the collaboration — vantage6CWE-284 2.7 Low2024-05-23
CVE-2024-23823 CORS settings overly permissive in vantage6 — vantage6CWE-942 4.2 Medium2024-03-14
CVE-2024-24770 Username timing attack on recover password/MFA token in vantage6 — vantage6CWE-362 5.3 Medium2024-03-14
CVE-2024-22193 vantage6 unencrypted task can be created in encrypted collaboration — vantage6CWE-922 3.5 Low2024-01-30
CVE-2024-21671 vantage6 username timing attack — vantage6CWE-208 3.7 Low2024-01-30
CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers — vantage6CWE-284 6.5 Medium2024-01-30
CVE-2024-21649 Remote code execution — vantage6CWE-94 8.8 High2024-01-30
CVE-2023-47631 vantage6 Node accepts non-whitelisted algorithms from malicious server — vantage6CWE-345 7.2 High2023-11-14
CVE-2023-41882 vantage6 Improper Access Control vulnerability — vantage6CWE-863 5.4 Medium2023-10-11
CVE-2023-41881 Deleting a collaboration should also delete linked resources — vantage6CWE-200 3.7 Low2023-10-11
CVE-2023-28635 Defining resource name as integer in vantage6 may give unintended access — vantage6CWE-863 5.4 Medium2023-10-11
CVE-2023-23930 vantage6's Pickle serialization is insecure — vantage6CWE-502 5.5 Medium2023-10-11
CVE-2023-23929 Refresh tokens do not expire in Vantage6 — vantage6CWE-613 8.8 High2023-03-03
CVE-2023-22738 Improper Preservation of Permissions in vantage6 — vantage6CWE-281 6.3 Medium2023-03-01
CVE-2022-39228 Observable Response Discrepancy in vantage6 — vantage6CWE-204 5.3 Medium2023-03-01

This page lists every published CVE security advisory associated with vantage6. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.