214 matches found
PT-2025-46219
Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.45.2 Description SpiceDB is a database system for managing application permissions. Versions prior to 1.45.2 are susceptible to an issue where a successful response is incorrectly returned from a WriteRelationships...
EUVD-2024-0930
Malicious code in bioql PyPI...
EUVD-2022-0503
Malicious code in bioql PyPI...
EUVD-2023-1842
Malicious code in bioql PyPI...
EUVD-2024-2914
Malicious code in bioql PyPI...
EUVD-2025-17360
Malicious code in bioql PyPI...
EUVD-2024-2059
Malicious code in bioql PyPI...
EUVD-2024-1231
Malicious code in bioql PyPI...
EUVD-2023-1271
Malicious code in bioql PyPI...
SUSE CVE-2025-49011
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow'ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...
GO-2025-3744 SpiceDB checks involving relations with caveats can result in no permission when permission is expected in github.com/authzed/spicedb
SpiceDB checks involving relations with caveats can result in no permission when permission is expected in github.com/authzed/spicedb...
GHSA-CWWM-HR97-QFXM SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Impact On schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. For example, given this schema:...
SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Impact On schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. For example, given this schema:...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to the evaluation of multiple caveated branches in the schema. An attacker can receive a NOPERMISSION response when a HASPERMISSION response is expected by exploiting the incorrect handling of caveats in...
CVE-2025-49011
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...
CVE-2025-49011 SpiceDB checks involving relations with caveats can result in no permission when permission is expected
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...
CVE-2025-49011 SpiceDB checks involving relations with caveats can result in no permission when permission is expected
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...
CVE-2025-49011 SpiceDB checks involving relations with caveats can result in no permission when permission is expected
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...
CVE-2025-49011
SpiceDB (v1.44.x) vulnerability: when resolving CheckPermission paths that involve arrows with caveats, the evaluation across multiple caveated branches may incorrectly return NO_PERMISSION instead of PERMISSION. Root cause is in caveats on an arrow’ed relation affecting multi-branch permission c...
SpiceDB 安全特征问题漏洞
SpiceDB is a fine-grained permissions database from the Authzed team. A security feature issue vulnerability exists in SpiceDB versions prior to 1.44.2, which stems from a schema evaluation issue involving arrow relationships that could result in an incorrect response...