Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override High
CVE-2026-44541 was published for ethyca-fides (pip) May 14, 2026
daveqnet Credited to daveqnet
Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection Moderate
CVE-2026-42303 was published for ethyca-fides (pip) May 5, 2026
RobertKeyser Credited to RobertKeyser and daveqnet daveqnet daveqnet
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher Credited to thabofletcher, erosselli, and daveqnet erosselli erosselli
daveqnet daveqnet
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments Moderate
CVE-2025-57816 was published for ethyca-fides (pip) Sep 8, 2025
daveqnet Credited to daveqnet, eastandwestwind, and erosselli eastandwestwind eastandwestwind
erosselli erosselli
Fides has a Lack of Brute-Force Protections on Authentication Endpoints Low
CVE-2025-57815 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher Credited to thabofletcher and daveqnet daveqnet daveqnet
Fides' Admin UI User Password Change Does Not Invalidate Current Session Low
CVE-2025-57766 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher Credited to thabofletcher, adamsachs, and daveqnet adamsachs adamsachs
daveqnet daveqnet
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API Low
CVE-2024-52008 was published for ethyca-fides (pip) Nov 26, 2024
h0wl Credited to h0wl, andres-torres-marroquin, daveqnet, and erosselli andres-torres-marroquin andres-torres-marroquin
daveqnet daveqnet erosselli erosselli
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja Credited to grmpyninja, andres-torres-marroquin, adamsachs, and daveqnet andres-torres-marroquin andres-torres-marroquin
adamsachs adamsachs daveqnet daveqnet
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication Low
CVE-2024-45052 was published for ethyca-fides (pip) Sep 4, 2024
RobertKeyser Credited to RobertKeyser, pattisdr, and daveqnet pattisdr pattisdr
daveqnet daveqnet
Fides Webserver Vulnerable to SVG Bomb File Uploads Low
CVE-2023-37481 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet Credited to daveqnet
Fides Webserver Vulnerable to Zip Bomb File Uploads Low
CVE-2023-37480 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet Credited to daveqnet
ethyca-fides Webserver API Path Traversal vulnerability High
CVE-2023-36827 was published for ethyca-fides (pip) Jul 6, 2023
daveqnet Credited to daveqnet
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database