| CVE-2026-44541 | high | — | 8.0 | | | | 15d ago | ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override |
| CVE-2026-42303 | medium | — | 5.5 | | | | 17d ago | Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection |
| CVE-2025-57817 | unknown | — | — | | | | 9mo ago | Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation |
| CVE-2025-57816 | unknown | — | — | | | | 9mo ago | Fides Webserver API Rate Limiting Vulnerability in Proxied Environments |
| CVE-2025-57815 | unknown | — | — | | | | 9mo ago | Fides has a Lack of Brute-Force Protections on Authentication Endpoints |
| CVE-2025-57766 | unknown | — | — | | | | 9mo ago | Fides' Admin UI User Password Change Does Not Invalidate Current Session |
| CVE-2024-52008 | unknown | — | — | | | | 2y ago | Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API |
| CVE-2024-45053 | unknown | — | — | | | | 2y ago | Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine |
| CVE-2024-45052 | unknown | — | — | | | | 2y ago | Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication |
| CVE-2024-31223 | unknown | — | — | | | | 2y ago | Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL |
| CVE-2024-38537 | unknown | — | — | | | | 2y ago | Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js |
| CVE-2024-35189 | unknown | — | — | | | | 2y ago | Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints |
| CVE-2024-34715 | unknown | — | — | | | | 2y ago | Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability |
| CVE-2023-48224 | unknown | — | — | | | | 3y ago | Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification |
| CVE-2023-47114 | unknown | — | — | | | | 3y ago | Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages |
| CVE-2023-46126 | unknown | — | — | | | | 3y ago | Fides JavaScript Injection Vulnerability in Privacy Center URL |
| CVE-2023-46125 | unknown | — | — | | | | 3y ago | Fides Information Disclosure Vulnerability in Config API Endpoint |
| CVE-2023-46124 | unknown | — | — | | | | 3y ago | Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload |
| CVE-2023-41319 | unknown | — | — | | | | 3y ago | Remote Code Execution in Custom Integration Upload |
| CVE-2023-37481 | unknown | — | — | | | | 3y ago | Fides Webserver Vulnerable to SVG Bomb File Uploads |
| CVE-2023-37480 | unknown | — | — | | | | 3y ago | Fides Webserver Vulnerable to Zip Bomb File Uploads |
| CVE-2023-36827 | unknown | — | — | | | | 3y ago | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path travers… |