Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

Please use this email: security@openfga.dev to reach out to us regarding any security concerns/vulnerabilities. Please avoid using GitHub issues/discussions for the same.

All vulnerabilities and associated information will be treated with full confidentiality. We strive to reply within 5 business days.

OpenFGA Authorization Bypass
GHSA-8cph-m685-6v6r published Apr 16, 2024 by miparnisari

High
OpenFGA DoS
GHSA-rxpw-85vw-fx87 published Jan 26, 2024 by miparnisari

Moderate
OpenFGA DoS
GHSA-hr4f-6jh8-f2vq published Oct 17, 2023 by miparnisari

Moderate
DoS from circular relationship definitions
GHSA-2hm9-h873-pgqh published Sep 26, 2023 by jon-whit

Moderate
OpenFGA Authorization Bypass
GHSA-jcf2-mxr2-gmqp published Aug 25, 2023 by miparnisari

High
OpenFGA DoS
GHSA-hr9r-8phq-5x8j published Jun 26, 2023 by jon-whit

Moderate
OpenFGA Authorization Bypass
GHSA-m3q4-7qmj-657m published Dec 20, 2022 by SamyGhannad

High
OpenFGA Authorization Bypass
GHSA-3gfj-fxx4-f22w published Nov 7, 2022 by SamyGhannad

High
OpenFGA Authorization Bypass
GHSA-f4mm-2r69-mg5f published Oct 24, 2022 by SamyGhannad

High
OpenFGA Authorization Bypass
GHSA-vj4m-83m8-xpw5 published Oct 24, 2022 by SamyGhannad

High

Learn more about advisories related to openfga/openfga in the GitHub Advisory Database