VYPR
Vendor

Authzed

Products
1
CVEs
15
Across products
15
Status
Private

Products

1

Recent CVEs

15
  • CVE-2026-40091MedApr 15, 2026
    risk 0.32cvss 6.0epss 0.00

    SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext…

  • CVE-2026-46668LowJun 10, 2026
    risk 0.08cvss epss 0.00

    SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.

  • CVE-2026-55866lowJun 19, 2026
    risk 0.00cvss epss

    ### Impact Under concurrency, `CheckPermission` and `CheckBulkPermissions` can return `PERMISSIONSHIP_HAS_PERMISSION` for a (resource, permission, subject) whose correct answer is `PERMISSIONSHIP_CONDITIONAL_PERMISSION`. You are impacted if **all** of the following hold: …

  • CVE-2025-65111Nov 21, 2025
    risk 0.00cvss epss 0.00

    SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that union references the same relation on…

  • CVE-2025-64529Nov 10, 2025
    risk 0.00cvss epss 0.00

    SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions prior to 1.45.2, users who use the exclusion operator somewhere in their authorization schema; have configured their SpiceDB server such that…

  • CVE-2025-49011Jun 6, 2025
    risk 0.00cvss epss 0.00

    SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple…

  • CVE-2024-48909Oct 14, 2024
    risk 0.00cvss epss 0.00

    SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their requests can return a…

  • CVE-2024-46989Sep 18, 2024
    risk 0.00cvss epss 0.00

    spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is…

  • CVE-2024-38361Jun 20, 2024
    risk 0.00cvss epss 0.00

    Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to `NO_PERMISSION` when permission is expected. If the resource…

  • CVE-2024-32001Apr 10, 2024
    risk 0.00cvss epss 0.01

    SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for…

  • CVE-2024-27101Mar 1, 2024
    risk 0.00cvss epss 0.00

    SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked…

  • CVE-2023-46255Oct 31, 2023
    risk 0.00cvss epss 0.00

    SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the…

  • CVE-2023-35930Jun 26, 2023
    risk 0.00cvss epss 0.00

    SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a `LookupResources` request with 1.22.0 is affected. For example,…

  • CVE-2023-29193Apr 14, 2023
    risk 0.00cvss epss 0.01

    SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by…

  • CVE-2022-21646Jan 11, 2022
    risk 0.00cvss epss 0.01

    SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` return a resource as…