| CVE-2026-40091 |
medium |
— |
5.5 |
|
|
|
2mo ago |
SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs |
| CVE-2026-46668 |
low |
— |
2.5 |
|
|
|
13d ago |
SpiceDB: Caveat structures with nested lists can result in improper cache reuse |
| CVE-2025-65111 |
low |
— |
2.5 |
|
|
|
6mo ago |
SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results |
| CVE-2025-64529 |
low |
— |
2.5 |
|
|
|
7mo ago |
SpiceDB WriteRelationships fails silently if payload is too big |
| CVE-2025-49011 |
unknown |
— |
— |
|
|
|
1y ago |
SpiceDB checks involving relations with caveats can result in no permission when permission is expected in github.com/authzed/spicedb |
| CVE-2024-48909 |
unknown |
— |
— |
|
|
|
2y ago |
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not in github.com/authzed/spicedb |
| CVE-2024-46989 |
unknown |
— |
— |
|
|
|
2y ago |
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission in github.com/authzed/spicedb |
| CVE-2024-38361 |
unknown |
— |
— |
|
|
|
2y ago |
SpiceDB exclusions can result in no permission returned when permission expected in github.com/authzed/spicedb |
| CVE-2024-32001 |
unknown |
— |
— |
|
|
|
2y ago |
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used in github.com/authzed/spicedb |
| CVE-2024-27101 |
unknown |
— |
— |
|
|
|
2y ago |
Integer overflow in chunking helper causes dispatching to miss elements or panic in github.com/authzed/spicedb |
| CVE-2023-46255 |
unknown |
— |
— |
|
|
|
3y ago |
SpiceDB leaks information in log files when URI cannot be parsed in github.com/authzed/spicedb |
| CVE-2023-35930 |
unknown |
— |
— |
|
|
|
3y ago |
SpiceDB's LookupResources may return partial results in github.com/authzed/spicedb |
| CVE-2023-29193 |
unknown |
— |
— |
|
|
|
3y ago |
SpiceDB binding metrics port to untrusted networks and can leak command-line flags in github.com/authzed/spicedb |
| CVE-2022-21646 |
unknown |
— |
— |
|
|
|
4y ago |
Lookup operations do not take into account wildcards in SpiceDB in github.com/authzed/spicedb |
