Enterprise
Review security and CVE scan results for Gloo Gateway Enterprise.
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.
Latest 1.21.x Gloo Enterprise Release: 1.21.1
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.21.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.21.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.21.0 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.21.0 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.21.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.21.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.21.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.21.0 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.21.0 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.21.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.21.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Latest 1.20.x Gloo Enterprise Release: 1.20.10
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.20.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.9 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.9 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.9 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.9 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.9 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.9 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.9 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.9 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.9 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.9 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.8 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.8 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v28.0.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.8 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.8 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.8 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.8 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.8 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.8 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.8 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-33416 | libpng | HIGH | 1.6.55-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.55-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.8 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.7 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v28.0.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.7 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.7 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.7 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-33416 | libpng | HIGH | 1.6.55-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.55-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.6 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v28.0.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.6 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.6 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.6 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2026-25646 | libpng | HIGH | 1.6.54-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.54-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.54-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.5 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v28.0.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.5 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.5 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.5 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.5 (alpine 3.23.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2026-22695 | libpng | HIGH | 1.6.53-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.53-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.53-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.53-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.53-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v28.0.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.4 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.4 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-66293 | libpng | HIGH | 1.6.51-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.51-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.51-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.51-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v28.0.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.3 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.3 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v28.0.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.2 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.2 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v28.0.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.1 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.1 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v28.0.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.0 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.0 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.0 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.2-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.2-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Latest 1.19.x Gloo Enterprise Release: 1.19.16
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.19.15
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.15 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.15 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.15 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.15 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.15 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.15 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.15 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.15 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.15 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.15 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.14
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.14 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.14 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.1 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.14 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.14 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.1 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.14 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.14 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.1 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.14 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.1 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.14 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.14 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-33416 | libpng | HIGH | 1.6.55-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.55-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.14 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.13
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.13 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.13 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.13 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.13 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.13 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2026-25646 | libpng | HIGH | 1.6.54-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.54-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.54-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.12 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.12 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.12 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.12 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.12 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-66293 | libpng | HIGH | 1.6.51-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.51-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.51-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.51-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.11
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.11 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.11 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.11 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.11 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.11 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.10 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.10 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.10 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.10 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.10 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.9 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.9 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.9 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.9 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.9 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.2-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.2-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.8 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.8 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.8 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.8 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.8 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.1-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.1-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.7 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.7 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.1-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.1-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.6 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.5 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.4 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-48384 | git-man | HIGH | 1:2.43.0-1ubuntu7.2 | 1:2.43.0-1ubuntu7.3 | https://avd.aquasec.com/nvd/cve-2025-48384 |
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.3 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-48384 | git-man | HIGH | 1:2.43.0-1ubuntu7.2 | 1:2.43.0-1ubuntu7.3 | https://avd.aquasec.com/nvd/cve-2025-48384 |
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.2 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.1 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.0 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Latest 1.18.x Gloo Enterprise Release: 1.18.26
Gloo Enterprise rate-limit-ee image
No scan found
Gloo Enterprise gloo-ee image
No scan found
Gloo Enterprise gloo-ee-envoy-wrapper image
No scan found
Gloo Enterprise observability-ee image
No scan found
Gloo Enterprise extauth-ee image
No scan found
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No scan found
Gloo Enterprise gloo-fed-apiserver image
No scan found
Gloo Enterprise gloo-fed-apiserver-envoy image
No scan found
Gloo Enterprise gloo-federation-console image
No scan found
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No scan found
Release 1.18.25
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.25 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.25 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.25 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.25 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.25 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.25 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.25 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v4 | HIGH | v4.1.3 | 4.1.4 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.25 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.25 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.25 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.24
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.24 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.24 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.24 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.24 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.24 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.24 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.24 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.24 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.24 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-33416 | libpng | HIGH | 1.6.55-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.55-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.24 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.4 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.23
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.23 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.23 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.23 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.23 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.23 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.23 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.23 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.23 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.23 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2026-25646 | libpng | HIGH | 1.6.54-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.54-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.54-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.23 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.22
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.22 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.22 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.22 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.22 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.22 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-66293 | libpng | HIGH | 1.6.51-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.51-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.51-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.51-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.21
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.21 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.21 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.21 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.21 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.21 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.20
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.20 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.20 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.20 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.20 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.20 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.4-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.19
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.19 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.19 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.19 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.19 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.19 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.2-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.2-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.18
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.18 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.18 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.18 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.18 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.18 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.1-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.1-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.17
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.17 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.17 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.17 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.17 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.17 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.1-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.1-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.16
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.16 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.4.1+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.16 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.16 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.16 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.15
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.15 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.15 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-48384 | git-man | HIGH | 1:2.43.0-1ubuntu7.2 | 1:2.43.0-1ubuntu7.3 | https://avd.aquasec.com/nvd/cve-2025-48384 |
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.15 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.15 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.14
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.14 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.14 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-48384 | git-man | HIGH | 1:2.43.0-1ubuntu7.2 | 1:2.43.0-1ubuntu7.3 | https://avd.aquasec.com/nvd/cve-2025-48384 |
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.14 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.14 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.13
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.13 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.12 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.11
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.11 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.10 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.9 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.8 (ubuntu 20.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-33416 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33416 |
| CVE-2026-33636 | libpng | HIGH | 1.6.47-r0 | 1.6.56-r0 | https://avd.aquasec.com/nvd/cve-2026-33636 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.7 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.7 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r1 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r1 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r1 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.6 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.6 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.5 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.5 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.4 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.4 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.3 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.3 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32285 | github.com/buger/jsonparser | HIGH | v1.1.1 | 1.1.2 | https://avd.aquasec.com/nvd/cve-2026-32285 |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.2 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.2 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.1 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.1 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/docker/docker | HIGH | v27.2.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.0 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.0 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-34986 | github.com/go-jose/go-jose/v3 | HIGH | v3.0.3 | 3.0.5 | https://avd.aquasec.com/nvd/cve-2026-34986 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |