fides — Vulnerabilities & Security Advisories (20)

All 20 CVE vulnerabilities found in fides, with AI-generated Chinese analysis, references, and POCs.

Vendor: ethyca

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-57817 | Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation | CWE-862 | 7.2 (AI) | High (AI) | 2025-09-08 |
| CVE-2025-57816 | Fides Webserver API Rate Limiting Vulnerability in Proxied Environments | CWE-799 | 7.5 (AI) | High (AI) | 2025-09-08 |
| CVE-2025-57766 | Fides's Admin UI User Password Change Does Not Invalidate Current Session | CWE-613 | 9.8 (AI) | Critical (AI) | 2025-09-08 |
| CVE-2025-57815 | Fides Lacks Brute-Force Protections on Authentication Endpoints | CWE-307 | 9.8 (AI) | Critical (AI) | 2025-09-08 |
| CVE-2024-52008 | Password Policy Bypass Vulnerability in Fides Webserver | CWE-602 | 6.5 (AI) | Medium (AI) | 2024-11-26 |
| CVE-2024-45053 | Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine | CWE-1336 | 9.1 | Critical | 2024-09-04 |
| CVE-2024-45052 | Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability | CWE-208 | 5.3 | Medium | 2024-09-04 |
| CVE-2024-31223 | Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL | CWE-497 | 5.3 | Medium | 2024-07-03 |
| CVE-2024-38537 | Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js | CWE-829 | - | - | 2024-07-02 |
| CVE-2024-35189 | Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides | CWE-201 | 6.5 | Medium | 2024-05-30 |
| CVE-2024-34715 | Partial Password Exposure Vulnerability in Fides Webserver Logs | CWE-532 | 2.3 | Low | 2024-05-29 |
| CVE-2023-48224 | Cryptographically Weak Generation of One-Time Codes for Identity Verification in ethyca-fides | CWE-338 | 8.2 | High | 2023-11-15 |
| CVE-2023-47114 | Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages | CWE-79 | 4.3 | Medium | 2023-11-08 |
| CVE-2023-46124 | Server-Side Request Forgery Vulnerability in Custom Integration Upload | CWE-918 | 8.2 | High | 2023-10-24 |
| CVE-2023-46125 | Fides Information Disclosure Vulnerability in Config API Endpoint | CWE-200 | 6.5 | Medium | 2023-10-24 |
| CVE-2023-46126 | Fides JavaScript Injection Vulnerability in Privacy Center URL | CWE-79 | 3.9 | Low | 2023-10-24 |
| CVE-2023-41319 | Remote Code Execution in Custom Integration Upload in Fides | CWE-94 | 8.8 | High | 2023-09-06 |
| CVE-2023-37480 | Fides Webserver Vulnerable to Zip Bomb File Uploads | CWE-400 | 2.7 | Low | 2023-07-18 |
| CVE-2023-37481 | Fides Webserver Vulnerable to SVG Bomb File Uploads | CWE-400 | 2.7 | Low | 2023-07-18 |
| CVE-2023-36827 | Fides vulnerable to Path Traversal in Webserver API | CWE-22 | 7.5 | High | 2023-07-05 |
