openfga

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-41131
< 1.14.1
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using c
5.0 MEDIUM
CVE-2026-40293
>= 0.1.4 and < 1.14.0
OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configured t
6.5 MEDIUM
CVE-2026-34972
>= 1.8.0 and < 1.14.0
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. F
5.0 MEDIUM
CVE-2026-33729
< 1.13.1
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. I
9.8 CRITICAL
CVE-2026-24851
>= 1.8.5 and < 1.11.3
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. O
8.8 HIGH
CVE-2025-64751
>= 1.4.0 and < 1.11.1
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. O
8.8 HIGH
CVE-2025-55213
>= 1.9.3 and < 1.9.5
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. O
9.8 CRITICAL
CVE-2025-48371
>= 1.8.0 and < 1.8.13
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 t
8.8 HIGH
CVE-2025-46331
>= 1.3.6 and < 1.8.11
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. O
9.8 CRITICAL
CVE-2025-25196
< 1.8.5
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. O
9.8 CRITICAL
CVE-2024-56323
>= 1.3.8 and < 1.8.3
OpenFGA is an authorization/permission engine. In OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1
9.8 CRITICAL
CVE-2024-42473
all versions
OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check
7.5 HIGH
CVE-2024-31452
>= 1.5.0 and < 1.5.3
OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerab
8.1 HIGH
CVE-2024-23820
< 1.4.3
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scena
5.3 MEDIUM
CVE-2023-45810
< 1.3.4
OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of O
5.3 MEDIUM
CVE-2023-43645
< 1.3.2
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a den
5.9 MEDIUM
CVE-2023-40579
< 1.3.1
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3
6.5 MEDIUM
CVE-2023-35933
< 1.1.1
OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable t
5.9 MEDIUM
CVE-2022-23542
< 0.3.1
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security as
7.7 HIGH
CVE-2022-39352
< 0.2.5
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable
4.8 MEDIUM
CVE-2022-39342
< 0.2.4
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certai
5.9 MEDIUM
CVE-2022-39341
< 0.2.4
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certai
5.9 MEDIUM
CVE-2022-39340
< 0.2.4
OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the streamed-list-objects endpoint was not validating the
5.3 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin