✅ Check your installed version
All known vulnerabilities
HIGH8.1CVE-2024-31452OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.5.0, < 1.5.3
HIGH8.1CVE-2024-31452OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.5.0, < 1.5.3
HIGH7.5CVE-2024-42473OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.5.7, < 1.5.9
HIGH7.5CVE-2024-42473OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.5.7, < 1.5.9
HIGH7.5CVE-2023-45810OpenFGA DoS vulnerability in github.com/openfga/openfga from 0, < 1.3.4
HIGH7.5CVE-2023-45810OpenFGA DoS vulnerability in github.com/openfga/openfga from 0, < 1.3.4
MEDIUM6.5CVE-2026-40293OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response >= 0.1.4, < 1.14.0
MEDIUM6.5CVE-2023-40579OpenFGA Authorization Bypass in github.com/openfga/openfga from 0, < 1.3.1
MEDIUM6.5CVE-2023-40579OpenFGA Authorization Bypass in github.com/openfga/openfga from 0, < 1.3.1
MEDIUM5.9CVE-2023-43645OpenFGA Vulnerable to DoS from circular relationship definitions in github.com/openfga/openfga from 0, < 1.3.2
MEDIUM5.9CVE-2023-43645OpenFGA Vulnerable to DoS from circular relationship definitions in github.com/openfga/openfga from 0, < 1.3.2
MEDIUM5.9CVE-2023-35933Denial of service in github.com/openfga/openfga from 0, < 1.1.1
MEDIUM5.9CVE-2023-35933Denial of service in github.com/openfga/openfga from 0, < 1.1.1
MEDIUM5.9CVE-2022-39341OpenFGA Authorization Bypass via tupleset wildcard in github.com/openfga/openfga from 0, < 0.2.4
MEDIUM5.9CVE-2022-39341OpenFGA Authorization Bypass via tupleset wildcard in github.com/openfga/openfga from 0, < 0.2.4
MEDIUM5.9CVE-2022-39342OpenFGA Authorization Bypass in github.com/openfga/openfga from 0, < 0.2.4
MEDIUM5.9CVE-2022-39342OpenFGA Authorization Bypass in github.com/openfga/openfga from 0, < 0.2.4
MEDIUM5.3CVE-2024-23820OpenFGA denial of service in github.com/openfga/openfga from 0, < 1.4.3
MEDIUM5.3CVE-2024-23820OpenFGA denial of service in github.com/openfga/openfga from 0, < 1.4.3
MEDIUM5.3CVE-2022-39340OpenFGA subject to Information Disclosure via streamed-list-objects endpoint in github.com/openfga/openfga from 0, < 0.2.4
MEDIUM5.3CVE-2022-39340OpenFGA subject to Information Disclosure via streamed-list-objects endpoint in github.com/openfga/openfga from 0, < 0.2.4
from 0, < 1.14.1
MEDIUM5.0CVE-2026-34972OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision >= 1.8.0, < 1.14.0
MEDIUM4.8CVE-2022-39352OpenFGA Authorization Bypass in github.com/openfga/openfga from 0, < 0.2.5
MEDIUM4.8CVE-2022-39352OpenFGA Authorization Bypass in github.com/openfga/openfga from 0, < 0.2.5
—CVE-2026-33729OpenFGA has an Authorization Bypass through cached keys from 0, < 1.13.1
—CVE-2026-33729OpenFGA has an Authorization Bypass through cached keys from 0, < 1.13.1
—CVE-2026-24851OpenFGA Improper Policy Enforcement in github.com/openfga/openfga >= 1.8.5, < 1.11.3
—CVE-2026-24851OpenFGA Improper Policy Enforcement in github.com/openfga/openfga >= 1.8.5, < 1.11.3
>= 1.4.0, < 1.11.1
>= 1.4.0, < 1.11.1
—CVE-2025-55213OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.9.3, < 1.9.5
—CVE-2025-55213OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.9.3, < 1.9.5
>= 1.8.0, < 1.8.13
>= 1.8.0, < 1.8.13
—CVE-2025-46331OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.3.6, < 1.8.11
—CVE-2025-46331OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.3.6, < 1.8.11
—CVE-2025-25196OpenFGA Authorization Bypass in github.com/openfga/openfga from 0, < 1.8.5
—CVE-2025-25196OpenFGA Authorization Bypass in github.com/openfga/openfga from 0, < 1.8.5
—CVE-2024-56323OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.3.8, < 1.8.3
—CVE-2024-56323OpenFGA Authorization Bypass in github.com/openfga/openfga >= 1.3.8, < 1.8.3
—CVE-2022-23542OpenFGA Authorization Bypass in github.com/openfga/openfga >= 0.3.0, < 0.3.1
—CVE-2022-23542OpenFGA Authorization Bypass in github.com/openfga/openfga >= 0.3.0, < 0.3.1