ethyca-fides
PyPI · 20 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ethyca-fides (page 1 of 1)
- CVE-2023-36827 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 2.15.1 · 2023-07-05
  vulnerable: 1.9.9 ... 2.9.2 (63 versions)
  Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability a…
- CVE-2023-37480 · LOW · CVSS 2.7 · EG 2.7 · ✓ Fixed in 2.16.0 · 2023-07-18
  vulnerable: 2.11.0 ... 2.15.2b0 (35 versions)
  Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connect…
- CVE-2023-37481 · LOW · CVSS 2.7 · EG 2.7 · ✓ Fixed in 2.16.0 · 2023-07-18
  vulnerable: 2.11.0 ... 2.15.2b0 (35 versions)
  Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upl…
- CVE-2023-41319 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 2.19.0 · 2023-09-06
  vulnerable: 2.11.0 ... 2.19.0rc8 (53 versions)
  Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to …
- CVE-2023-46124 · HIGH · CVSS 8.2 · EG 8.2 · ✓ Fixed in 2.22.1 · 2023-10-25
  vulnerable: 1.9.9 ... 2.9.2 (135 versions)
  Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration t…
- CVE-2023-46125 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 2.22.1 · 2023-10-25
  vulnerable: 1.9.9 ... 2.9.2 (135 versions)
  Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its c…
- CVE-2023-46126 · LOW · CVSS 3.9 · EG 3.9 · ✓ Fixed in 2.22.1 · 2023-10-25
  vulnerable: 1.9.9 ... 2.9.2 (135 versions)
  Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and pri…
- CVE-2023-47114 · MEDIUM · CVSS 4.3 · EG 4.3 · ✓ Fixed in 2.23.3 · 2023-11-08
  vulnerable: 2.15.1 ... 2.23.3rc2 (97 versions)
  Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject …
- CVE-2023-48224 · HIGH · CVSS 8.2 · EG 8.2 · ✓ Fixed in 2.24.0 · 2023-11-15
  vulnerable: 1.9.9 ... 2.9.2 (170 versions)
  Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to …
- CVE-2024-31223 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 2.39.2 · 2024-07-03
  vulnerable: 2.19.0 ... 2.39.2rc0 (248 versions)
  Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this v…
- CVE-2024-34715 · LOW · CVSS 2.3 · EG 2.3 · ✓ Fixed in 2.37.0 · 2024-05-29
  vulnerable: 1.9.9 ... 2.9.2 (305 versions)
  Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection …
- CVE-2024-35189 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 2.37.0 · 2024-05-30
  vulnerable: 1.9.9 ... 2.9.2 (305 versions)
  Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve `ConnectionConfiguration` records and their associated `secrets` which _can_ contain sensitive data (e.g. passwords, private …
- CVE-2024-38537 · NONE · CVSS 0.0 · EG 0.0 · ✓ Fixed in 2.39.1 · 2024-07-02
  vulnerable: 1.9.9 ... 2.9.2 (328 versions)
  Fides is an open-source privacy engineering platform. `fides.js`, a client-side script used to interact with the consent management features of Fides, used the `polyfill.io` domain in a very limited edge case, when it detected a legacy bro…
- CVE-2024-45052 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 2.44.0 · 2024-09-04
  vulnerable: 1.9.9 ... 2.9.2 (376 versions)
  Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine t…
- CVE-2024-45053 · CRITICAL · CVSS 9.1 · EG 9.1 · ✓ Fixed in 2.44.0 · 2024-09-04
  vulnerable: 2.19.0 ... 2.44.0rc5 (293 versions)
  Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Se…
- CVE-2024-52008 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 2.50.0 · 2024-11-26
  vulnerable: 1.9.9 ... 2.9.2 (456 versions)
  Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI…
- CVE-2025-57766 · MEDIUM · CVSS 4.8 · EG 4.8 · ✓ Fixed in 2.69.1 · 2025-09-08
  vulnerable: 1.9.9 ... 2.9.2 (763 versions)
  Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained …
- CVE-2025-57815 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 2.69.1 · 2025-09-08
  vulnerable: 1.9.9 ... 2.9.2 (763 versions)
  Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect ag…
- CVE-2025-57816 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 2.69.1 · 2025-09-08
  vulnerable: 1.9.9 ... 2.9.2 (763 versions)
  Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies ra…
- CVE-2026-42303 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 2.83.2 · 2026-05-12
  vulnerable: 2.75.0 ... 2.83.2rc3 (144 versions)
  Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an admini…
Check whether ethyca-fides is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ethyca-fides CVEs against the assets you own.