Launch Week Day 1: Announcing Security Design Review
Start for Free
go

github.com/authzed/spicedb

View on go registry
28 Total advisories
28 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
Go

CVE-2026-46668

SpiceDB: Caveat structures with nested lists can result in improper cache reuse
MEDIUM 6.5
Go

CVE-2025-64529

SpiceDB WriteRelationships fails silently if payload is too big
UNKNOWN
Go

CVE-2025-65111

SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
MEDIUM 6.0
Go

CVE-2026-40091

SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs
UNKNOWN
Go

CVE-2025-65111

SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2025-64529

SpiceDB WriteRelationships fails silently if payload is too big in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2025-49011

SpiceDB checks involving relations with caveats can result in no permission when permission is expected in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2024-48909

SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2024-46989

SpiceDB having multiple caveats on resources of the same type may improperly result in no permission in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2023-35930

SpiceDB's LookupResources may return partial results in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2022-21646

Lookup operations do not take into account wildcards in SpiceDB in github.com/authzed/spicedb
UNKNOWN
Go

GO-2026-4465

LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic
UNKNOWN
Go

GHSA-vhvq-fv9f-wh4q

LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2024-32001

SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2024-38361

SpiceDB exclusions can result in no permission returned when permission expected in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2024-27101

Integer overflow in chunking helper causes dispatching to miss elements or panic in github.com/authzed/spicedb
HIGH 7.3
Go

CVE-2024-27101

Integer overflow in chunking helper causes dispatching to miss elements or panic
MEDIUM 4.2
Go

CVE-2023-46255

SpiceDB leaks information in log files when URI cannot be parsed
UNKNOWN
Go

CVE-2023-46255

SpiceDB leaks information in log files when URI cannot be parsed in github.com/authzed/spicedb
UNKNOWN
Go

CVE-2023-29193

SpiceDB binding metrics port to untrusted networks and can leak command-line flags in github.com/authzed/spicedb
LOW 2.2
Go

CVE-2024-32001

SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
HIGH 8.1
Go

CVE-2023-29193

SpiceDB binding metrics port to untrusted networks and can leak command-line flags
LOW 3.7
Go

CVE-2024-38361

SpiceDB exclusions can result in no permission returned when permission expected
LOW 3.7
Go

CVE-2025-49011

SpiceDB checks involving relations with caveats can result in no permission when permission is expected
LOW 3.7
Go

CVE-2024-46989

SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
LOW 2.0
Go

CVE-2024-48909

SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
HIGH 8.1
Go

CVE-2022-21646

Lookup operations do not take into account wildcards in SpiceDB
LOW 3.7
Go

CVE-2023-35930

SpiceDB's LookupResources may return partial results

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes