Ethyca Fides
21 CVEs affecting Ethyca Fides. Latest disclosed: 2026-05-12. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-45053 | Critical | 9.1 | 2024-09-04 | Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without… |
| CVE-2023-41319 | High | 8.8 | 2023-09-06 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of pri… |
| CVE-2023-48224 | High | 8.2 | 2023-11-15 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of pri… |
| CVE-2023-46124 | High | 8.2 | 2023-10-24 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of priv… |
| CVE-2023-36827 | High | 7.5 | 2023-07-05 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of pri… |
| CVE-2024-35189 | Medium | 6.5 | 2024-05-30 | Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve `ConnectionConfiguration` records and their a… |
| CVE-2023-46125 | Medium | 6.5 | 2023-10-24 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of pri… |
| CVE-2024-45052 | Medium | 5.3 | 2024-09-04 | Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver auth… |
| CVE-2024-31223 | Medium | 5.3 | 2024-07-03 | Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Pri… |
| CVE-2023-47114 | Medium | 4.3 | 2023-11-08 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of… |
| CVE-2023-46126 | Low | 3.9 | 2023-10-24 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy reg… |
| CVE-2023-37480 | Low | 2.7 | 2023-07-18 | Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of… |
| CVE-2023-37481 | Low | 2.7 | 2023-07-18 | Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of… |
| CVE-2024-34715 | Low | 2.3 | 2024-05-29 | Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of appli… |
| CVE-2026-42303 | | | 2026-05-12 | Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplic… |
| CVE-2025-57817 | | | 2025-09-08 | Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not… |
| CVE-2025-57816 | | | 2025-09-08 | Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in envi… |
| CVE-2025-57766 | | | 2025-09-08 | Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions… |
| CVE-2025-57815 | | | 2025-09-08 | Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for al… |
| CVE-2024-52008 | | | 2024-11-26 | Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to… |