github.com/authzed/spicedb
Go · 12 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/authzed/spicedb (page 1 of 1)
- CVE-2022-21646 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 1.4.0 · 2022-01-11
SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`Look…
- CVE-2023-29193 · HIGH · CVSS 8.7 · EG 8.7 · ✓ Fixed in 1.19.1 · 2023-04-14
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the…
- CVE-2023-35930 · LOW · CVSS 3.7 · EG 3.7 · ✓ Fixed in 1.22.2 · 2023-06-26
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a `LookupResources` request…
- CVE-2023-46255 · MEDIUM · CVSS 4.2 · EG 4.2 · ✓ Fixed in 1.27.0-rc1 · 2023-10-31
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed (e.g. by having a password which co…
- CVE-2024-27101 · HIGH · CVSS 7.3 · EG 7.3 · ✓ Fixed in 1.29.2 · 2024-03-01
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with a…
- CVE-2024-32001 · LOW · CVSS 2.2 · EG 2.2 · ✓ Fixed in 1.30.1 · 2024-04-10
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return…
- CVE-2024-38361 · LOW · CVSS 3.7 · EG 3.7 · ✓ Fixed in 1.33.1 · 2024-06-20
Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to `NO_PERMISSION` when per…
- CVE-2024-46989 · LOW · CVSS 3.7 · EG 3.7 · ✓ Fixed in 1.35.3 · 2024-09-18
spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission …
- CVE-2024-48909 · LOW · CVSS 2.0 · EG 2.0 · ✓ Fixed in 1.37.1 · 2024-10-14
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation p…
- CVE-2025-49011 · LOW · CVSS 3.7 · EG 3.7 · ✓ Fixed in 1.44.2 · 2025-06-06
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow'ed relation, when the path to resolve a CheckPermission request i…
- CVE-2025-65111 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 1.47.1 · 2025-11-21
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that…
- CVE-2026-40091 · MEDIUM · CVSS 6.0 · EG 6.0 · ✓ Fixed in 1.51.1 · 2026-04-15
SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the ful…