Abstract: Federated learning is a distributed machine learning technique that ensures local data is not compromised when machine learning models are trained on big data. However, a series of attacks has shown that an adversary can steal private information from model parameters even when the local data itself is inaccessible. Privacy threats therefore arise throughout the model release process of federated learning, from the transmission of intermediate model parameters between the participants and the aggregator during the training phase to the final released aggregated model. As a result, many privacy-preserving federated learning approaches have emerged, primarily based on cryptography and differential privacy. This paper surveys the privacy threats and adversary models that may appear when the local models and the aggregated model of federated learning are published. Furthermore, we systematically summarize the related defense technologies and research results. Finally, we discuss the outlook for the development of privacy-preserving federated learning.