Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

authzed — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting authzed. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Authzed provides a fine-grained authorization service enabling developers to implement attribute-based access control in applications. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. The platform's security model focuses on decentralized permission management, though incidents like CVE-2023-24498 highlight risks in API endpoint exposures. With 13 CVEs recorded, common weaknesses involve insecure direct object references and insufficient rate limiting, emphasizing the need for rigorous input sanitization and proper access control implementation in distributed systems.

Top products by authzed: spicedb
CVE IDTitleCVSSSeverityPublished
CVE-2026-40091 SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs — spicedbCWE-532 6.0 Medium2026-04-14
CVE-2025-65111 SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results — spicedbCWE-277 5.4 -2025-11-21
CVE-2025-64529 SpiceDB's WriteRelationships fails silently if payload is too big — spicedbCWE-770 8.1 -2025-11-10
CVE-2025-49011 SpiceDB checks involving relations with caveats can result in no permission when permission is expected — spicedbCWE-358 3.7 Low2025-06-06
CVE-2024-48909 SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not — spicedbCWE-172 2.0 Low2024-10-14
CVE-2024-46989 Multiple caveats on resources of the same type can result in no permission when permission is expected — spicedbCWE-269 3.7 Low2024-09-18
CVE-2024-38361 Permissions processing error in spacedb — spicedbCWE-281 3.7 Low2024-06-20
CVE-2024-32001 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used — spicedbCWE-755 2.2 Low2024-04-10
CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic — spicedbCWE-190 7.3 High2024-03-01
CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed — spicedbCWE-532 4.2 Medium2023-10-31
CVE-2023-35930 LookupResources may return partial results in spicedb — spicedbCWE-913 3.7 Low2023-06-26
CVE-2023-29193 SpiceDB binding metrics port to untrusted networks and can leak command-line flags — spicedbCWE-209 8.7 High2023-04-14
CVE-2022-21646 Lookup operations do not take into account wildcards in SpiceDB — spicedbCWE-155 8.1 High2022-01-11

This page lists every published CVE security advisory associated with authzed. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.