11 matches found
CVE-2024-34715
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
CVE-2025-57817
The CVE describes a privilege-escalation flaw in Fides: before version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment, allowing users with client:create or client:update permissions to elevate to owner-level. Affected c...
CVE-2023-41319
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...
Fides Security Vulnerabilities
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Fides versions prior to 2.37.0, which stems from the presence of an...
Fides Security Vulnerabilities
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.24.0 that stems from the use of a weakly...
PT-2023-30741 · Fides · Fides
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.24.0 Description: The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. If subject identity verification required is set to...
Fides Code Issues Vulnerabilities
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in a runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.22.1 that stems from allowing custom...
PT-2023-29859 · Fides · Fides
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.22.1 Description: The Fides web application allows users to edit consent and privacy notices, such as cookie banners. A vulnerability exists where a crafted payload in the privacy policy URL can trigger JavaScript...
PT-2023-27904 · Fides · Fides
Name of the Vulnerable Software and Affected Versions: Fides versions 2.11.0 through 2.19.0 Description: The Fides webserver API allows custom integrations to be uploaded as a ZIP file, which can contain YAML files and custom Python code. The custom code is executed in a restricted environment, b...
Fides Resource Management Error Vulnerability
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A resource management error vulnerability exists in Fides versions 2.11.0 through 2.15.1, which is rooted in...
PYSEC-2023-107
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects Fides versions lower than version 2.15.1, allowing...