On this page
Enterprise
Review security and CVE scan results for Gloo Gateway Enterprise.
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.
Latest 1.21.x Gloo Enterprise Release: 1.21.0
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.21.0 (alpine 3.21.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.21.0 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.21.0 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.21.0 (alpine 3.21.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.21.0 (alpine 3.21.3)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.21.0 (alpine 3.21.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.21.0 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.21.0 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.21.0 (alpine 3.23.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.21.0 (alpine 3.21.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Latest 1.20.x Gloo Enterprise Release: 1.20.9
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.9 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.9 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.9 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.9 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.9 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.9 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.9 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.9 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.20.9 (alpine 3.23.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.9 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.20.8
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.8 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.8 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.8 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.8 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.8 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.8 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.8 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.8 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.8 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.4-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.8 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Release 1.20.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.7 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.7 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.7 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.7 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.4-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.7 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-25679 | stdlib | HIGH | v1.25.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.20.6
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.6 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.6 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.6 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.6 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.6 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.6 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.6 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.6 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.6 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2026-25646 | libpng | HIGH | 1.6.54-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.6 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.20.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.5 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.5 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.5 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.5 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.5 (alpine 3.23.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2026-22695 | libpng | HIGH | 1.6.53-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.53-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.53-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-22184 | zlib | HIGH | 1.3.1-r2 | 1.3.2-r0 | https://avd.aquasec.com/nvd/cve-2026-22184 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.20.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.4 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.4 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-66293 | libpng | HIGH | 1.6.51-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.51-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.20.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.3 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.3 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.20.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.2 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.2 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.20.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.1 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.1 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.20.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v28.1.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.0 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.0 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.2-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.2-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Latest 1.19.x Gloo Enterprise Release: 1.19.15
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.15 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.15 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.15 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.15 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.15 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.15 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.15 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.15 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.19.15 (alpine 3.23.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.15 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.19.14
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.14 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.14 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.14 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.14 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.14 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.14 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.14 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.14 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.14 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.4-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.14 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Release 1.19.13
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.13 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.13 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.13 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.13 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.13 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.13 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.13 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.13 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.13 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2026-25646 | libpng | HIGH | 1.6.54-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.13 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.12 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.12 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.12 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.12 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.12 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-66293 | libpng | HIGH | 1.6.51-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.51-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.11
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.11 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.11 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.11 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.11 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.11 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.10 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.10 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.10 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.10 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.10 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.9 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.9 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.9 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.9 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.9 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.2-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.2-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.8 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.8 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.8 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.8 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.8 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.1-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.1-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.7 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.7 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.1-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.1-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.6 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.5 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.4 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-48384 | git-man | HIGH | 1:2.43.0-1ubuntu7.2 | 1:2.43.0-1ubuntu7.3 | https://avd.aquasec.com/nvd/cve-2025-48384 |
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.3 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-48384 | git-man | HIGH | 1:2.43.0-1ubuntu7.2 | 1:2.43.0-1ubuntu7.3 | https://avd.aquasec.com/nvd/cve-2025-48384 |
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.2 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.1 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.19.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.0 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Latest 1.18.x Gloo Enterprise Release: 1.18.25
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.25 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/rate-limit
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.25 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/gloo
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.25 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/envoyinit
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.25 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/observability
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.25 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/extauth
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.25 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.25 (ubuntu 24.04)
No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.25 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.18.25 (alpine 3.23.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.25 (alpine 3.23.3)
No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook
Release 1.18.24
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.24 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.24 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.24 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.24 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.24 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.24 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.24 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.24 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.24 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.4-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.24 (alpine 3.23.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
Release 1.18.23
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.23 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.23 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.23 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.23 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.23 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.23 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.23 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.23 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.23 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2026-25646 | libpng | HIGH | 1.6.54-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.23 (alpine 3.21.5)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.22
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.22 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.22 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.22 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.22 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.22 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-66293 | libpng | HIGH | 1.6.51-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.51-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.51-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.22 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.21
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.21 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.21 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.21 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.21 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.21 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.21 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.20
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.20 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.20 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.20 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.20 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.20 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.3-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.3-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.4-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.19
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.19 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.19 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.19 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.19 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.19 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.2-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.2-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.2-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.18
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.18 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.18 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.18 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.18 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.18 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.1-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.1-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.17
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.17 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.17 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.17 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.17 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.17 (alpine 3.22.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.1-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.1-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.51-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.5.1-r0 | 3.5.5-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.8-r0 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-58050 | pcre2 | CRITICAL | 10.43-r1 | 10.46-r0 | https://avd.aquasec.com/nvd/cve-2025-58050 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.16
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.16 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.16 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.16 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.16 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.4 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.15
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.15 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.15 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-48384 | git-man | HIGH | 1:2.43.0-1ubuntu7.2 | 1:2.43.0-1ubuntu7.3 | https://avd.aquasec.com/nvd/cve-2025-48384 |
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.15 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.15 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.14
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.14 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.14 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-48384 | git-man | HIGH | 1:2.43.0-1ubuntu7.2 | 1:2.43.0-1ubuntu7.3 | https://avd.aquasec.com/nvd/cve-2025-48384 |
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.14 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.2 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.14 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.13
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.13 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.12 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.12 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.11
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.11 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r6 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.11 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.10 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.3 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.9 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.8 (ubuntu 20.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-32767 | libexpat | CRITICAL | 2.7.0-r0 | 2.7.5-r0 | https://avd.aquasec.com/nvd/cve-2026-32767 |
| CVE-2026-25210 | libexpat | HIGH | 2.7.0-r0 | 2.7.4-r0 | https://avd.aquasec.com/nvd/cve-2026-25210 |
| CVE-2025-64720 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-64720 |
| CVE-2025-65018 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-65018 |
| CVE-2025-66293 | libpng | HIGH | 1.6.47-r0 | 1.6.53-r0 | https://avd.aquasec.com/nvd/cve-2025-66293 |
| CVE-2026-22695 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22695 |
| CVE-2026-22801 | libpng | HIGH | 1.6.47-r0 | 1.6.54-r0 | https://avd.aquasec.com/nvd/cve-2026-22801 |
| CVE-2026-25646 | libpng | HIGH | 1.6.47-r0 | 1.6.55-r0 | https://avd.aquasec.com/nvd/cve-2026-25646 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-49794 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49794 |
| CVE-2025-49796 | libxml2 | CRITICAL | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49796 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-49795 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-49795 |
| CVE-2025-6021 | libxml2 | HIGH | 2.13.4-r5 | 2.13.9-r0 | https://avd.aquasec.com/nvd/cve-2025-6021 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.7 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.7 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r1 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r1 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r1 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.6 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.6 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.5 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.5 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.4 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.4 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.3 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.3 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| GHSA-6g7g-w4f8-9c9x | github.com/buger/jsonparser | HIGH | v1.1.1 | https://github.com/advisories/GHSA-6g7g-w4f8-9c9x | |
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.2 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.2 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.1 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.1 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Release 1.18.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
Gloo Enterprise gloo-fed-apiserver-envoy image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.0 (ubuntu 22.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.2.27-3ubuntu2.1 | 2.2.27-3ubuntu2.5 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.0 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | CRITICAL | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-26519 | musl | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.4-r2 | 1.2.4-r3 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |