Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Version	Supported
4.x.x	✅
< 4.x.x	❌

Reporting a Vulnerability

Please report (suspected) security vulnerabilities to vantage6@iknl.nl. You will receive a response from us within 72 hours. If the issue is confirmed, we will release a patch as soon as possible. When the patched is released you will be informed.

Vantage6 Server JWT secret not cryptographically secure
GHSA-m3mq-f375-5vgh published Jun 12, 2025 by bartvanb

Low
Lack of brute-force protection on change password functionality
GHSA-j6g5-p62x-58hw published Jun 12, 2025 by bartvanb

Low
Collaboration admins can extend their influence by expanding the collaboration
GHSA-99r4-cjp4-3hmx published May 22, 2024 by bartvanb

Low
Username enumeration attack on recover password/recover MFA token
GHSA-5h3x-6gwf-73jm published Mar 14, 2024 by bartvanb

Low
CORS settings overly permissive
GHSA-4946-85pr-fvxh published Mar 14, 2024 by bartvanb

Low
Unencrypted task can be created in encrypted collaboration
GHSA-rjmv-52mp-gjrr published Jan 30, 2024 by bartvanb

Low
Username timing attack
GHSA-45gq-q4xh-cp53 published Jan 30, 2024 by bartvanb

Low
Insecure SSH configuration for node and server containers
GHSA-2wgc-48g2-cj5w published Jan 30, 2024 by bartvanb

Moderate
Remote code execution
GHSA-w9h2-px87-74vx published Jan 30, 2024 by bartvanb

Moderate
Node accepts non-whitelisted algorithms from malicious server
GHSA-vc3v-ppc7-v486 published Nov 14, 2023 by bartvanb

Moderate

Learn more about advisories related to vantage6/vantage6 in the GitHub Advisory Database