github.com/authzed/spicedb vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-55866Lowgithub.com/authzed/spicedb: SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expectedCVE-2026-46668Lowgithub.com/authzed/spicedb: SpiceDB: Caveat structures with nested lists can result in improper cache reuseCVE-2026-40091Mediumgithub.com/authzed/spicedb: SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logsGHSA-VHVQ-FV9F-WH4QLowgithub.com/authzed/spicedb: LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panicCVE-2025-65111Lowgithub.com/authzed/spicedb: SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete ResultsCVE-2025-64529Lowgithub.com/authzed/spicedb: SpiceDB WriteRelationships fails silently if payload is too bigCVE-2025-49011Lowgithub.com/authzed/spicedb: SpiceDB checks involving relations with caveats can result in no permission when permission is expectedCVE-2024-48909Lowgithub.com/authzed/spicedb: SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is notCVE-2024-46989Mediumgithub.com/authzed/spicedb: SpiceDB having multiple caveats on resources of the same type may improperly result in no permissionCVE-2024-38361Mediumgithub.com/authzed/spicedb: SpiceDB exclusions can result in no permission returned when permission expectedCVE-2024-32001Lowgithub.com/authzed/spicedb: SpiceDB: LookupSubjects may return partial results if a specific kind of relation is usedCVE-2024-27101Highgithub.com/authzed/spicedb: Integer overflow in chunking helper causes dispatching to miss elements or panicCVE-2023-46255Mediumgithub.com/authzed/spicedb: SpiceDB leaks information in log files when URI cannot be parsedCVE-2023-35930Lowgithub.com/authzed/spicedb: SpiceDB's LookupResources may return partial resultsCVE-2023-29193Highgithub.com/authzed/spicedb: SpiceDB binding metrics port to untrusted networks and can leak command-line flagsCVE-2022-21646Highgithub.com/authzed/spicedb: Lookup operations do not take into account wildcards in SpiceDB

Stop the waste.
Protect your environment with Kodem.