Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ethyca-fides@2.58.1b4
Type pypi
Namespace
Name ethyca-fides
Version 2.58.1b4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.69.1
Latest_non_vulnerable_version 2.84.5
Affected_by_vulnerabilities
0
url VCID-3pav-59e9-2bda
vulnerability_id VCID-3pav-59e9-2bda
summary
Fides' Admin UI User Password Change Does Not Invalidate Current Session
Admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors (such as XSS) can maintain access even after password reset. This issue is not directly exploitable on its own and requires a prerequisite vulnerability to obtain valid session tokens in the first place.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57766
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.2206
published_at 2026-06-06T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.22074
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57766
1
reference_url https://github.com/ethyca/fides
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ethyca/fides
2
reference_url https://github.com/ethyca/fides/commit/8daec4f5ad3daf0f0bdab4814f6757eb0965104b
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:44:58Z/
url https://github.com/ethyca/fides/commit/8daec4f5ad3daf0f0bdab4814f6757eb0965104b
3
reference_url https://github.com/ethyca/fides/releases/tag/2.69.1
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:44:58Z/
url https://github.com/ethyca/fides/releases/tag/2.69.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57766
reference_id CVE-2025-57766
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57766
5
reference_url https://github.com/advisories/GHSA-rpw8-82v9-3q87
reference_id GHSA-rpw8-82v9-3q87
reference_type
scores
url https://github.com/advisories/GHSA-rpw8-82v9-3q87
6
reference_url https://github.com/ethyca/fides/security/advisories/GHSA-rpw8-82v9-3q87
reference_id GHSA-rpw8-82v9-3q87
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:44:58Z/
url https://github.com/ethyca/fides/security/advisories/GHSA-rpw8-82v9-3q87
fixed_packages
0
url pkg:pypi/ethyca-fides@2.69.1
purl pkg:pypi/ethyca-fides@2.69.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.69.1
aliases CVE-2025-57766, GHSA-rpw8-82v9-3q87
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3pav-59e9-2bda
1
url VCID-3qky-5nyd-tqat
vulnerability_id VCID-3qky-5nyd-tqat
summary
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57817
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27232
published_at 2026-06-05T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27179
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57817
1
reference_url https://github.com/ethyca/fides
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ethyca/fides
2
reference_url https://github.com/ethyca/fides/commit/2ffd125e1089a09b84c27fb5279a05960cbf2452
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-09T13:38:53Z/
url https://github.com/ethyca/fides/commit/2ffd125e1089a09b84c27fb5279a05960cbf2452
3
reference_url https://github.com/ethyca/fides/releases/tag/2.69.1
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-09T13:38:53Z/
url https://github.com/ethyca/fides/releases/tag/2.69.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57817
reference_id CVE-2025-57817
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57817
5
reference_url https://github.com/advisories/GHSA-hjfh-p8f5-24wr
reference_id GHSA-hjfh-p8f5-24wr
reference_type
scores
url https://github.com/advisories/GHSA-hjfh-p8f5-24wr
6
reference_url https://github.com/ethyca/fides/security/advisories/GHSA-hjfh-p8f5-24wr
reference_id GHSA-hjfh-p8f5-24wr
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-09T13:38:53Z/
url https://github.com/ethyca/fides/security/advisories/GHSA-hjfh-p8f5-24wr
fixed_packages
0
url pkg:pypi/ethyca-fides@2.69.1
purl pkg:pypi/ethyca-fides@2.69.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.69.1
aliases CVE-2025-57817, GHSA-hjfh-p8f5-24wr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qky-5nyd-tqat
2
url VCID-uyp4-v7q3-mke6
vulnerability_id VCID-uyp4-v7q3-mke6
summary
Fides has a Lack of Brute-Force Protections on Authentication Endpoints
The Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or password spraying, which poses a risk to accounts with weak or previously compromised passwords.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57815
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.22605
published_at 2026-06-05T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.22592
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57815
1
reference_url https://github.com/ethyca/fides
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ethyca/fides
2
reference_url https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:43:58Z/
url https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c
3
reference_url https://github.com/ethyca/fides/releases/tag/2.69.1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:43:58Z/
url https://github.com/ethyca/fides/releases/tag/2.69.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57815
reference_id CVE-2025-57815
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57815
5
reference_url https://github.com/advisories/GHSA-7q62-r88r-j5gw
reference_id GHSA-7q62-r88r-j5gw
reference_type
scores
url https://github.com/advisories/GHSA-7q62-r88r-j5gw
6
reference_url https://github.com/ethyca/fides/security/advisories/GHSA-7q62-r88r-j5gw
reference_id GHSA-7q62-r88r-j5gw
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:43:58Z/
url https://github.com/ethyca/fides/security/advisories/GHSA-7q62-r88r-j5gw
fixed_packages
0
url pkg:pypi/ethyca-fides@2.69.1
purl pkg:pypi/ethyca-fides@2.69.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.69.1
aliases CVE-2025-57815, GHSA-7q62-r88r-j5gw
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyp4-v7q3-mke6
3
url VCID-we2n-hjyz-1qcy
vulnerability_id VCID-we2n-hjyz-1qcy
summary
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a shared store. This allows attackers to bypass intended rate limits and potentially cause denial of service.

This vulnerability only affects deployments relying on Fides's built-in rate limiting for protection. Deployments using external rate limiting solutions (WAFs, API gateways, etc.) are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57816
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13281
published_at 2026-06-05T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.13285
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57816
1
reference_url https://github.com/ethyca/fides
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ethyca/fides
2
reference_url https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-09T14:19:06Z/
url https://github.com/ethyca/fides/commit/59903c195e2f9f8915a1db94950aefd557033a5c
3
reference_url https://github.com/ethyca/fides/releases/tag/2.69.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-09T14:19:06Z/
url https://github.com/ethyca/fides/releases/tag/2.69.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57816
reference_id CVE-2025-57816
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57816
5
reference_url https://github.com/advisories/GHSA-fq34-xw6c-fphf
reference_id GHSA-fq34-xw6c-fphf
reference_type
scores
url https://github.com/advisories/GHSA-fq34-xw6c-fphf
6
reference_url https://github.com/ethyca/fides/security/advisories/GHSA-fq34-xw6c-fphf
reference_id GHSA-fq34-xw6c-fphf
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-09T14:19:06Z/
url https://github.com/ethyca/fides/security/advisories/GHSA-fq34-xw6c-fphf
fixed_packages
0
url pkg:pypi/ethyca-fides@2.69.1
purl pkg:pypi/ethyca-fides@2.69.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.69.1
aliases CVE-2025-57816, GHSA-fq34-xw6c-fphf
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-we2n-hjyz-1qcy
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ethyca-fides@2.58.1b4