openfga — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting openfga. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenFGA is an open-source fine-grained authorization engine designed to manage complex access control policies for modern applications. Despite its utility in enforcing granular permissions, the software has recorded twenty-three Common Vulnerabilities and Exposures (CVEs), indicating significant historical security instability. These vulnerabilities predominantly involve remote code execution, privilege escalation, and denial-of-service conditions, often stemming from improper input validation or logic flaws in policy evaluation. While no single catastrophic breach has been widely publicized as a direct result of these specific CVEs, the high volume of disclosed issues suggests a pattern of recurring implementation errors. Security practitioners should treat the current version with caution, prioritizing immediate patching and rigorous input sanitization. The repeated nature of these flaws highlights the need for enhanced static analysis and formal verification in the project’s development lifecycle to ensure robust access control integrity.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41131 | OpenFGA has Improper Policy Enforcement | openfga | CWE-863 | 5.0 | Medium | 2026-04-21 |
| CVE-2026-40293 | OpenFGA Playground Preshared Key Exposure | openfga | CWE-200 | 6.5 | Medium | 2026-04-17 |
| CVE-2026-34972 | OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision | openfga | CWE-863 | 5.0 | Medium | 2026-04-06 |
| CVE-2026-33729 | OpenFGA has an Authorization Bypass through cached keys | openfga | CWE-20 | 3.7 | - | 2026-03-27 |
| CVE-2026-24851 | OpenFGA Improper Policy Enforcement | openfga | CWE-863 | 9.8 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2025-64751 | OpenFGA Improper Policy Enforcement | openfga | CWE-285 | 9.8 | - | 2025-11-21 |
| CVE-2025-55213 | OpenFGA Authorization Bypass (Check) | openfga | CWE-863 | 9.8 | - | 2025-08-18 |
| CVE-2025-48371 | OpenFGA Authorization Bypass | openfga | CWE-285 | 9.8 (AI) | Critical (AI) | 2025-05-22 |
| CVE-2025-46331 | OpenFGA Authorization Bypass | openfga | CWE-284 | 9.8 (AI) | Critical (AI) | 2025-04-30 |
| CVE-2025-25196 | OpenFGA Authorization Bypass | openfga | CWE-285 | 8.1 | - | 2025-02-19 |
| CVE-2024-56323 | OpenFGA Authorization Bypass | openfga | CWE-285 | 9.8 | - | 2025-01-13 |
| CVE-2024-42473 | OpenFGA Authorization Bypass | openfga | CWE-863 | 7.5 | High | 2024-08-09 |
| CVE-2024-31452 | OpenFGA Authorization Bypass | openfga | CWE-863 | 8.1 | High | 2024-04-16 |
| CVE-2024-23820 | OpenFGA DoS | openfga | CWE-770 | 5.3 | Medium | 2024-01-26 |
| CVE-2023-45810 | OpenFGA denial of service | openfga | CWE-400 | 5.3 | Medium | 2023-10-17 |
| CVE-2023-43645 | Denial of service from circular relationship definitions in OpenFGA | openfga | CWE-835 | 5.9 | Medium | 2023-09-26 |
| CVE-2023-40579 | OpenFGA Authorization Bypass | openfga | CWE-284 | 6.5 | Medium | 2023-08-25 |
| CVE-2023-35933 | OpenFGA denial of service due to circular relationship | openfga | CWE-835 | 5.9 | Medium | 2023-06-26 |
| CVE-2022-23542 | OpenFGA Authorization Bypass | openfga | CWE-285 | 7.7 | High | 2022-12-20 |
| CVE-2022-39352 | OpenFGA Authorization Bypass | openfga | CWE-863 | 4.8 | Medium | 2022-11-08 |
| CVE-2022-39342 | OpenFGA Authorization Bypass | openfga | CWE-285 | 5.9 | Medium | 2022-10-25 |
| CVE-2022-39341 | OpenFGA Authorization Bypass | openfga | CWE-285 | 5.9 | Medium | 2022-10-25 |
| CVE-2022-39340 | OpenFGA Information Disclosure | openfga | CWE-285 | 5.3 | Medium | 2022-10-25 |

This page lists every published CVE security advisory associated with openfga. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.