Security

Report a vulnerability

SECURITY.md

Reporting a Vulnerability

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@ethyca.com.

Although Ethyca does not currently operate a bug bounty program, we welcome the submission of vulnerability reports and aim to acknowlege your email within one week.

Information Disclosure Vulnerability of BigQuery Secrets in Connection Configuration Endpoints
GHSA-rcvg-jj3g-rj7c published May 30, 2024 by daveqnet

Moderate
Hosted Database Password Partial Exposure Vulnerability in Fides Webserver Logs
GHSA-8cm5-jfj2-26q7 published May 29, 2024 by daveqnet

Low
Cryptographically Weak Generation of One-Time Codes for Identity Verification
GHSA-82vr-5769-6358 published Nov 15, 2023 by daveqnet

High
JavaScript Injection Vulnerability in Privacy Center URL
GHSA-fgjj-5jmr-gh83 published Oct 23, 2023 by daveqnet

Moderate
Server-Side Request Forgery Vulnerability in Custom Integration Upload
GHSA-jq3w-9mgf-43m4 published Oct 23, 2023 by daveqnet

Moderate
Information Disclosure Vulnerability in Config API Endpoint
GHSA-rjxg-rpg3-9r89 published Oct 23, 2023 by daveqnet

Low
Remote Code Execution in Custom Integration Upload
GHSA-p6p2-qq95-vq5h published Sep 6, 2023 by daveqnet

High
HTML Injection Vulnerability in HTML-Formatted DSR Packages
GHSA-3vpf-mcj7-5h38 published Nov 8, 2023 by daveqnet

Low
Fides Webserver Vulnerable to SVG Bomb File Uploads
GHSA-3rw2-wfc8-wmj5 published Jul 18, 2023 by daveqnet

Low
Fides Webserver Vulnerable to Zip Bomb File Uploads
GHSA-g95c-2jgm-hqc6 published Jul 18, 2023 by daveqnet

Low

Learn more about advisories related to ethyca/fides in the GitHub Advisory Database