pkg:PyPI/ethyca-fides

23 total CVEs: CRITICAL 1, HIGH 7, MEDIUM 7, LOW 4

All known vulnerabilities

  • CRITICAL 9.1 CVE-2024-45053: Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
    >= 2.19.0, < 2.44.0
  • HIGH 8.8 CVE-2023-41319: Remote Code Execution in Custom Integration Upload
    >= 2.11.0, < 2.19.0
  • HIGH 8.2 CVE-2023-48224: Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification
    from 0, < 2.24.0
  • HIGH 8.2 CVE-2023-46124: Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload
    from 0, < 2.22.1
  • HIGH 7.5 CVE-2025-57816: Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
    from 0, < 2.69.1
  • HIGH 7.5 CVE-2023-36827: ethyca-fides Webserver API Path Traversal vulnerability
    from 0, < f526d9ffb176006d701493c9d0eff6b4884e811f | from 0, < 2.15.1
  • HIGH 7.5 CVE-2023-36827: ethyca-fides Webserver API Path Traversal vulnerability
    from 0, < 2.15.1
  • HIGH 7.2 CVE-2025-57817: Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
    from 0, < 2.69.1
  • MEDIUM 6.5 CVE-2025-57815: Fides has a Lack of Brute-Force Protections on Authentication Endpoints
    from 0, < 2.69.1
  • MEDIUM 6.5 CVE-2024-35189: Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
    from 0, < 2.37.0
  • MEDIUM 6.5 CVE-2023-46125: Fides Information Disclosure Vulnerability in Config API Endpoint
    from 0, < 2.22.1
  • MEDIUM 5.7 CVE-2024-52008: Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
    from 0, < 2.50.0
  • MEDIUM 5.3 CVE-2024-31223: Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
    >= 2.19.0, < 2.39.2
  • MEDIUM 4.8 CVE-2025-57766: Fides' Admin UI User Password Change Does Not Invalidate Current Session
    from 0, < 2.69.1
  • MEDIUM 4.3 CVE-2023-47114: Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages
    >= 2.15.1, < 2.23.3
  • LOW 3.9 CVE-2023-46126: Fides JavaScript Injection Vulnerability in Privacy Center URL
    from 0, < 2.22.1
  • LOW 2.7 CVE-2023-37481: Fides Webserver Vulnerable to SVG Bomb File Uploads
    >= 2.11.0, < 2.16.0
  • LOW 2.7 CVE-2023-37480: Fides Webserver Vulnerable to Zip Bomb File Uploads
    >= 2.11.0, < 2.16.0
  • LOW 2.3 CVE-2024-34715: Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
    from 0, < 2.37.0
  • NONE 0.0 CVE-2024-38537: Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
    from 0, < 2.39.1
  • CVE-2026-44541: ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override
    >= 2.33.0, < 2.84.5
  • CVE-2026-42303: Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
    >= 2.75.0, < 2.83.2
  • CVE-2024-45052: Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
    from 0, < 2.44.0