Security: ethyca/fides
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
DOM-based XSS vulnerability in fides.js via fides_description overrideGHSA-5qrq-9645-g5g2 published
May 14, 2026 by daveqnetHigh -
Privacy Request Identity Verification Bypass Vulnerability via Duplicate DetectionGHSA-qx5f-ghc2-7g5c published
Apr 27, 2026 by daveqnetModerate -
Admin UI User Password Change Does Not Invalidate Current SessionGHSA-rpw8-82v9-3q87 published
Sep 8, 2025 by daveqnetLow -
Lack of Brute-Force Protections on Authentication EndpointsGHSA-7q62-r88r-j5gw published
Sep 8, 2025 by daveqnetLow -
OAuth Client Privilege Escalation Vulnerability in Fides Webserver APIGHSA-hjfh-p8f5-24wr published
Sep 8, 2025 by daveqnetHigh -
Fides Webserver API Rate Limiting Vulnerability in Proxied EnvironmentsGHSA-fq34-xw6c-fphf published
Sep 8, 2025 by daveqnetModerate -
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite APIGHSA-v7vm-rhmg-8j2r published
Nov 26, 2024 by RobertKeyserLow -
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating EngineGHSA-c34r-238x-f7qx published
Sep 4, 2024 by daveqnetCritical -
Inclusion of Untrusted polyfill.io Code Vulnerability in FidesJSGHSA-cvw4-c69g-7v7m published
Jul 2, 2024 by daveqnetLow -
Timing-Based Username Enumeration Vulnerability in Fides Webserver AuthenticationGHSA-2h46-8gf5-fmxv published
Sep 4, 2024 by daveqnetLow