spicedb — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in spicedb, with AI-generated Chinese analysis, references, and POCs.

Vendor: authzed

CVE ID	Title	CVSS	Severity	Published
CVE-2026-40091	SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs CWE-532	6.0	Medium	2026-04-14
CVE-2025-65111	SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results CWE-277	5.4	-	2025-11-21
CVE-2025-64529	SpiceDB's WriteRelationships fails silently if payload is too big CWE-770	8.1	-	2025-11-10
CVE-2025-49011	SpiceDB checks involving relations with caveats can result in no permission when permission is expected CWE-358	3.7	Low	2025-06-06
CVE-2024-48909	SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not CWE-172	2.0	Low	2024-10-14
CVE-2024-46989	Multiple caveats on resources of the same type can result in no permission when permission is expected CWE-269	3.7	Low	2024-09-18
CVE-2024-38361	Permissions processing error in spacedb CWE-281	3.7	Low	2024-06-20
CVE-2024-32001	SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used CWE-755	2.2	Low	2024-04-10
CVE-2024-27101	Integer overflow in chunking helper causes dispatching to miss elements or panic CWE-190	7.3	High	2024-03-01
CVE-2023-46255	`SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed CWE-532	4.2	Medium	2023-10-31
CVE-2023-35930	LookupResources may return partial results in spicedb CWE-913	3.7	Low	2023-06-26
CVE-2023-29193	SpiceDB binding metrics port to untrusted networks and can leak command-line flags CWE-209	8.7	High	2023-04-14
CVE-2022-21646	Lookup operations do not take into account wildcards in SpiceDB CWE-155	8.1	High	2022-01-11

All 13 known CVE vulnerabilities affecting spicedb with full Chinese analysis, references, and POCs where available.