pkg:PyPI/vantage6

All known vulnerabilities

• CRITICAL9.8CVE-2025-43863vantage6 lacks brute-force protection on change password functionality
  from 0, < 4.11.0
• CRITICAL9.8CVE-2025-43863vantage6 lacks brute-force protection on change password functionality
  from 0, < 4.11.0
• HIGH8.8vantage6 remote code execution vulnerability
  from 0, < 4.2.0
• HIGH8.8vantage6 remote code execution vulnerability
  from 0, < eac19db737145d3ca987adf037a454fae0790ddd | from 0, < 4.2.0
• HIGH8.8vantage6 refresh tokens do not expire
  from 0, < 48ebfca42359e9a6743e9598684585e2522cdce8 | from 0, < 3.8.0
• HIGH8.8vantage6 refresh tokens do not expire
  from 0, < 3.8.0
• HIGH7.2Pickle serialization vulnerable to Deserialization of Untrusted Data
  from 0, < 4.0.2
• HIGH7.2Pickle serialization vulnerable to Deserialization of Untrusted Data
  from 0, < e62f03bacf2247bd59eed217e2e7338c3a01a5f0 | from 0, < 4.0.2
• MEDIUM6.5vantage6 has insecure SSH configuration for node and server containers
  from 0, < 4.2.0
• MEDIUM6.5vantage6 vulnerable to Improper Preservation of Permissions
  from 0, < 3.8.0
• MEDIUM6.5vantage6 vulnerable to Improper Preservation of Permissions
  from 0, < 798aca1de142a4eca175ef51112e2235642f4f24 | from 0, < 3.6.1, >= 3.7.0, < 3.8.0rc3
• MEDIUM6.5vantage6 vulnerable to Observable Response Discrepancy
  from 0, < ab4381c35d24add06f75d5a8a284321f7a340bd2 | >= 3.3.3, < 3.8.0
• MEDIUM6.5vantage6 vulnerable to Observable Response Discrepancy
  >= 3.3.3, < 3.8.0
• MEDIUM6.5vantage6 vulnerable to Observable Response Discrepancy
  from 0, < 3.8.0
• MEDIUM5.4Defining resource name as integer may give unintended access in vantage6
  from 0, < 4.0.0
• MEDIUM5.4Improper Access Control in vantage6
  from 0, < 4.0.0
• MEDIUM5.4Improper Access Control in vantage6
  from 0, < 4.0.0
• MEDIUM5.3vantage6 vulnerable to a username timing attack on recover password/MFA token
  from 0, < 4.3.0
• MEDIUM4.2vantage6's CORS settings overly permissive
  from 0, < 4.3.0
• LOW3.7vantage6 vulnerable to username timing attack
  from 0, < 389f416c445da4f2438c72f34c3b1084485c4e30 | from 0, < 4.2.0
• LOW3.7vantage6 does not properly delete linked resources when deleting a collaboration
  from 0, < 4.0.0
• LOW3.7vantage6 does not properly delete linked resources when deleting a collaboration
  from 0, < 4.0.0
• LOW3.5vantage6 may create unencrypted tasks in encrypted collaboration
  from 0, < 4.2.0
• LOW3.5vantage6 may create unencrypted tasks in encrypted collaboration
  from 0, < 6383283733b81abfcacfec7538dc4dc882e98074 | from 0, < 4.2.0
• LOW2.7vantage6 collaboration admins can extend their influence by expanding the collaboration
  from 0, < 4.5.0rc3
• —Vantage6: 2FA can be circumvented with hacked email access
  from 0, < 5.0.0
• —Vantage6: No limit on emails sent for password/MFA reset
  from 0, < 5.0.0