Package impact
Go / github.com/authzed/spicedb
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-40091 | medium | — | 5.5 | 1mo ago | SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs | |
| CVE-2026-46668 | low | — | 2.5 | 7d ago | SpiceDB: Caveat structures with nested lists can result in improper cache reuse | |
| CVE-2025-65111 | low | — | 2.5 | 6mo ago | SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results | |
| CVE-2025-64529 | low | — | 2.5 | 7mo ago | SpiceDB WriteRelationships fails silently if payload is too big |