Vantage6

This hub aggregates every CVE we track for Vantage6, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Vantage6.

• CVE-2025-43866Vantage6 Server JWT secret not cryptographically secure7.5Jun 12, 2025
• CVE-2025-43863vantage6 lacks brute-force protection on change password functionality9.8Jun 12, 2025
• CVE-2024-32969vantage6 collaboration admins can extend their influence by expanding the collaboration2.7May 23, 2024
• CVE-2024-23823CORS settings overly permissive in vantage64.2Mar 14, 2024
• CVE-2024-24770Username timing attack on recover password/MFA token in vantage65.3Mar 14, 2024
• CVE-2024-22193vantage6 unencrypted task can be created in encrypted collaboration3.5Jan 30, 2024
• CVE-2024-21671vantage6 username timing attack3.7Jan 30, 2024
• CVE-2024-21653vantage6 insecure SSH configuration for node and server containers6.5Jan 30, 2024
• CVE-2024-21649Remote code execution 8.8Jan 30, 2024
• CVE-2023-47631vantage6 Node accepts non-whitelisted algorithms from malicious server7.2Nov 14, 2023
• CVE-2023-41882vantage6 Improper Access Control vulnerability5.4Oct 11, 2023
• CVE-2023-41881Deleting a collaboration should also delete linked resources3.7Oct 11, 2023
• CVE-2023-28635Defining resource name as integer in vantage6 may give unintended access5.4Oct 11, 2023
• CVE-2023-23930vantage6's Pickle serialization is insecure5.5Oct 11, 2023
• CVE-2023-23929Refresh tokens do not expire in Vantage68.8Mar 3, 2023