21 matches found
CVE-2022-23542
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...
EUVD-2022-7210
Malicious code in bioql PyPI...
EUVD-2025-16351
Malicious code in bioql PyPI...
EUVD-2022-7168
Malicious code in bioql PyPI...
GO-2025-3707 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...
CVE-2025-48371 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...
CVE-2025-46331
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...
CVE-2025-46331 OpenFGA Authorization Bypass
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...
PT-2025-18316 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.3.6 through 1.8.10 Description: OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. The issue concerns an authorization bypass when certain Check...
GO-2025-3470 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...
CVE-2025-25196 OpenFGA Authorization Bypass
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.4 Helm chart openfga-0.2.22, docker v.1.8.4 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users on OpenFGA...
CVE-2024-56323
OpenFGA is an authorization/permission engine. In OpenFGA v1.3.8 to v1.8.2 Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2 are vulnerable to authorization bypass under the following conditions: 1. calling Check API or ListObjects with a model that uses conditions, and 2...
GO-2022-1179 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...
GO-2022-1081 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...
GO-2022-1099 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...
Authorization
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, t...
CVE-2022-23542 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...
CVE-2022-39352 OpenFGA Authorization Bypass
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...