Every CVE whose affected-product data names Ethyca Fides, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2024-45053 — CVSS 9.1 (critical): Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature…
CVE-2023-41319 — CVSS 8.8 (high): Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and…
CVE-2024-52008 — CVSS 8.8 (high): Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy…
CVE-2023-48224 — CVSS 8.2 (high): Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and…
CVE-2023-46124 — CVSS 8.2 (high): Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the…
CVE-2023-36827 — CVSS 7.5 (high): Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and…
CVE-2025-57816 — CVSS 7.5 (high): Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is…
CVE-2025-57817 — CVSS 7.2 (high): Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides…
CVE-2024-35189 — CVSS 6.5 (medium): Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve `ConnectionConfiguration`…
CVE-2025-57815 — CVSS 6.5 (medium): Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general…
CVE-2023-46125 — CVSS 6.5 (medium): Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and…
CVE-2024-31223 — CVSS 5.3 (medium): Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable…
CVE-2024-45052 — CVSS 5.3 (medium): Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in…
CVE-2025-57766 — CVSS 4.8 (medium): Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate…
CVE-2023-47114 — CVSS 4.3 (medium): Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and…
CVE-2023-46126 — CVSS 3.9 (low): Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping…
CVE-2023-37481 — CVSS 2.7 (low): Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is…
CVE-2023-37480 — CVSS 2.7 (low): Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is…
CVE-2024-34715 — CVSS 2.3 (low): Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for…
CVE-2024-38537 — CVSS 0.0 (none): Fides is an open-source privacy engineering platform. `fides.js`, a client-side script used to interact with the consent management…