Enterprise

Review security and CVE scan results for Gloo Gateway Enterprise.

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.

Latest 1.20.x Gloo Enterprise Release: 1.20.3

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.20.2

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.20.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.1 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.1 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.1 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.1 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.1 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.20.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.0 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.0 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.0 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.0 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.0 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Latest 1.19.x Gloo Enterprise Release: 1.19.11

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.19.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.10 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.10 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.10 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.10 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.10 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.10 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.10 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.10 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.10 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.10 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.19.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.9 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.9 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.9 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.9 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.9 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.9 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.9 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.9 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.9 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.9 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.19.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.8 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.8 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.8 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.8 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.8 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.8 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.8 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.8 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.8 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.8 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.19.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.7 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.7 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.7 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.7 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.7 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.19.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.6 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.6 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.6 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.6 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.6 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.19.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.5 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.5 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.5 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.5 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.5 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.19.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.4 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.4 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.4 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.4 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.4 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.19.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.3 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.3 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.3 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.3 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.3 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.19.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.2 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.2 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.2 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.2 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.19.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.1 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.1 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.19.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.0 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.0 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Latest 1.18.x Gloo Enterprise Release: 1.18.21

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.18.20

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.20 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.20 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.20 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.20 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.20 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.20 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.20 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.20 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.20 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.20 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.18.19

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.19 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.19 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.19 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.19 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.19 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.19 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.19 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.19 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.19 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.19 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.18.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.18 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.18 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.18 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.18 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.18 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.18 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.18 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.18 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.18 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.18 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.18.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.17 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.17 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.17 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.17 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.17 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.16 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.16 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.16 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.16 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.16 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.15 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.15 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.15 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.15 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.15 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.14 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.14 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.14 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.14 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.14 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.13 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.13 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.12 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.12 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.11 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.11 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.10 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.10 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.9 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.9 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.8 (ubuntu 20.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.8 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.7 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2025-27113	libxml2	HIGH	2.11.8-r1	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r1	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r1	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.6 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.5 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.4 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.3 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.2 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.1 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.18.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.0 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Latest 1.17.x Gloo Enterprise Release: 1.17.17

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.17.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.16 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.16 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.16 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.16 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.16 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.16 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.16 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.16 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.16 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.17.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.15 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.15 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.15 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.15 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.15 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.15 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.15 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.15 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.15 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.17.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.14 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/rate-limit

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.14 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.14 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/envoyinit

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.14 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/observability

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.14 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/extauth

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.14 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.14 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/gloo-fed-apiserver

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.14 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.14 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/gloo-fed-rbac-validating-webhook

Release 1.17.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.13 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.13 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.13 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.13 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.12 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.12 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.12 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.12 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.11 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.10 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.9 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.8 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2024-55549	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.3-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.3-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Release 1.17.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907