Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2023-46255

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed (e.g. by having a password which contains :) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0-rc1 patches this issue.

Published: Oct 31, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-46255
GHSA: GHSA-jg7w-cxjv-98c2
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.2
AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
github.com/authzed/spicedb	-	1.27.0-rc1
authzed / spicedb	-	1.27.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo