GHSA-VHVQ-FV9F-WH4Q LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic

Description A malformed or tampered-with LookupResources Cursor token can cause a panic in the SpiceDB process if it fails to parse. If an attacker were able to make requests to a SpiceDB instance, they could affect its availability. Reproduction If one was to take a cursor from a LookupResources...

SUSE CVE-2025-65111

SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...

CVE-2025-64529 SpiceDB's WriteRelationships fails silently if payload is too big

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions prior to 1.45.2, users who use the exclusion operator somewhere in their authorization schema; have configured their SpiceDB server such that...

SUSE CVE-2024-48909

SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of...

PT-2024-33261 · Spicedb +1 · Spicedb +1

Name of the Vulnerable Software and Affected Versions: SpiceDB versions 1.35.0 through 1.37.0 Description: SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Clients that have enabled LookupResources2 and have caveats in the evaluation path for...