On this page
Open source
Review security and CVE scan results for Gloo Gateway open source.
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.
Latest 1.21.x Gloo Open Source Release: 1.21.3
Gloo access-logger image
No scan found
Gloo certgen image
No scan found
Gloo discovery image
No scan found
Gloo gloo image
No scan found
Gloo gloo-envoy-wrapper image
No scan found
Gloo ingress image
No scan found
Gloo sds image
No scan found
Release 1.21.2
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.21.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.21.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.21.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.21.2 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.21.2 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.21.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.21.2 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.21.1
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.21.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.21.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.21.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.21.1 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.21.1 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.21.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.21.1 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.21.0
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.21.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.21.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.21.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.21.0 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.21.0 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.21.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.21.0 (alpine 3.23.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.5.5-r0 | 3.5.6-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-32282 | stdlib | HIGH | v1.26.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Latest 1.20.x Gloo Open Source Release: 1.20.13
Gloo access-logger image
No scan found
Gloo certgen image
No scan found
Gloo discovery image
No scan found
Gloo gloo image
No scan found
Gloo gloo-envoy-wrapper image
No scan found
Gloo ingress image
No scan found
Gloo sds image
No scan found
Release 1.20.12
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.20.12 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.20.12 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.11
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.20.11 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.20.11 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.10
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.20.10 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.20.10 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.9
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.20.9 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.20.9 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.8
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.20.8 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.20.8 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.7
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
Vulnerabilities Listed for quay.io/solo-io/gloo:1.20.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-envoy-wrapper:1.20.7 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.7 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.6
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
Vulnerabilities Listed for quay.io/solo-io/gloo:1.20.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-envoy-wrapper:1.20.6 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.6 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.5
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
Vulnerabilities Listed for quay.io/solo-io/gloo:1.20.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-envoy-wrapper:1.20.5 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.5 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.4
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
Vulnerabilities Listed for quay.io/solo-io/gloo:1.20.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-envoy-wrapper:1.20.4 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.4 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.3
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
Vulnerabilities Listed for quay.io/solo-io/gloo:1.20.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-envoy-wrapper:1.20.3 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.3 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.2
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
Vulnerabilities Listed for quay.io/solo-io/gloo:1.20.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-envoy-wrapper:1.20.2 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.1
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
Vulnerabilities Listed for quay.io/solo-io/gloo:1.20.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-envoy-wrapper:1.20.1 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.20.0
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
Vulnerabilities Listed for quay.io/solo-io/gloo:1.20.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.37.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
Vulnerabilities Listed for quay.io/solo-io/gloo-envoy-wrapper:1.20.0 (ubuntu 24.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-68973 | gpgv | HIGH | 2.4.4-2ubuntu17.3 | 2.4.4-2ubuntu17.4 | https://avd.aquasec.com/nvd/cve-2025-68973 |
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.20.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.74.2 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Latest 1.19.x Gloo Open Source Release: 1.19.14
Gloo access-logger image
No scan found
Gloo certgen image
No scan found
Gloo discovery image
No scan found
Gloo gloo image
No scan found
Gloo gloo-envoy-wrapper image
No scan found
Gloo ingress image
No scan found
Gloo sds image
No scan found
Release 1.19.13
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.42.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.13 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.75.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.12
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.12 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.11
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.11 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.10
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.10 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.9
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.9 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.8
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.8 (alpine 3.21.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.7
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.7 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.6
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.6 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.5
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.5 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.4
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.4 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.3
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.3 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.2
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.2 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.1
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.1 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.19.0
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.19.0 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.71.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Latest 1.18.x Gloo Open Source Release: 1.18.35
Gloo access-logger image
No scan found
Gloo certgen image
No scan found
Gloo discovery image
No scan found
Gloo gloo image
No scan found
Gloo gloo-envoy-wrapper image
No scan found
Gloo ingress image
No scan found
Gloo sds image
No scan found
Release 1.18.34
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.34 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.34 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.34 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.34 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.41.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.34 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.34 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.34 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2026-32282 | stdlib | HIGH | v1.25.8 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.33
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.33 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.33 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.33 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.33 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.33 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.33 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.33 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.6-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.32
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.32 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.32 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.32 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.32 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.32 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.32 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.32 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.31
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.31 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.31 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.31 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.31 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.31 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.31 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.31 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.11 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.11 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.11 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.11 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.30
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.30 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.30 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.30 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.30 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.30 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.30 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.30 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.5-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.5-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.9 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.9 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.9 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.9 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.9 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.29
Gloo access-logger image
No scan found
Gloo certgen image
No scan found
Gloo discovery image
No scan found
Gloo gloo image
No scan found
Gloo gloo-envoy-wrapper image
No scan found
Gloo ingress image
No scan found
Gloo sds image
No scan found
Release 1.18.28
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.28 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.28 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.28 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.28 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.28 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.28 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.28 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.27
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.27 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.27 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.27 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.27 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.27 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.27 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.27 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.6 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.6 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.6 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.6 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.6 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.26
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.26 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.26 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.26 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.26 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.26 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.26 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.26 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.25
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.25 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.25 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.25 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.25 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.25 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.25 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.25 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.4-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.4-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.24
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.24 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.24 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.24 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.24 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.24 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.24 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.24 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.23
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.23 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.23 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.23 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.23 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.34.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.23 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.23 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.23 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.5.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.25.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.70.0 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.17.0 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.22
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.22 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.22 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.22 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.22 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.22 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.22 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.22 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.4 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.4 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.4 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.4 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.4 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.4 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.4 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.21
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.21 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.21 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.21 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.21 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.21 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.21 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.21 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.24.1 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
| CVE-2025-47907 | stdlib | HIGH | v1.24.1 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.24.1 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.24.1 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.24.1 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.24.1 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.24.1 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.20
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.20 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.20 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.20 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.19
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.19 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.19 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.18
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.18 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.18 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.17
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.17 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.17 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.16
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.16 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.16 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.16 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.15
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.15 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.15 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.15 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.14
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.14 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.14 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.14 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.13
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.13 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libcrypto3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.3.3-r0 | 3.3.6-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2026-28390 | libssl3 | HIGH | 3.3.3-r0 | 3.3.7-r0 | https://avd.aquasec.com/nvd/cve-2026-28390 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.12
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.7 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.7 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.7 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.7 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.7 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.7 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.7 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.11
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.10
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.9
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.8
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.7
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.6
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.5
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.4
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.3
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.2
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.1
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Release 1.18.0
Gloo access-logger image
Vulnerabilities Listed for quay.io/solo-io/access-logger:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/access-logger
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo certgen image
Vulnerabilities Listed for quay.io/solo-io/certgen:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/certgen
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo discovery image
Vulnerabilities Listed for quay.io/solo-io/discovery:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/discovery
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo image
No Vulnerabilities Found for quay.io/solo-io/gloo:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2026-24051 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.40.0 | https://avd.aquasec.com/nvd/cve-2026-24051 |
| CVE-2026-39883 | go.opentelemetry.io/otel/sdk | HIGH | v1.31.0 | 1.43.0 | https://avd.aquasec.com/nvd/cve-2026-39883 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo gloo-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo ingress image
Vulnerabilities Listed for quay.io/solo-io/ingress:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/ingress
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |
Gloo sds image
Vulnerabilities Listed for quay.io/solo-io/sds:1.18.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15467 | libcrypto3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libcrypto3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-15467 | libssl3 | CRITICAL | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-15467 |
| CVE-2025-69419 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69419 |
| CVE-2025-69421 | libssl3 | HIGH | 3.0.15-r1 | 3.0.19-r0 | https://avd.aquasec.com/nvd/cve-2025-69421 |
| CVE-2025-26519 | musl | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
| CVE-2025-26519 | musl-utils | HIGH | 1.2.3-r5 | 1.2.3-r6 | https://avd.aquasec.com/nvd/cve-2025-26519 |
Vulnerabilities Listed for usr/local/bin/sds
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-15558 | github.com/docker/cli | HIGH | v27.3.1+incompatible | 29.2.0 | https://avd.aquasec.com/nvd/cve-2025-15558 |
| CVE-2026-34040 | github.com/moby/moby | HIGH | v26.0.0+incompatible | 29.3.1 | https://avd.aquasec.com/nvd/cve-2026-34040 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22868 | golang.org/x/oauth2 | HIGH | v0.23.0 | 0.27.0 | https://avd.aquasec.com/nvd/cve-2025-22868 |
| CVE-2026-33186 | google.golang.org/grpc | CRITICAL | v1.67.1 | 1.79.3 | https://avd.aquasec.com/nvd/cve-2026-33186 |
| CVE-2025-53547 | helm.sh/helm/v3 | HIGH | v3.16.2 | 3.18.4, 3.17.4 | https://avd.aquasec.com/nvd/cve-2025-53547 |
| CVE-2025-68121 | stdlib | CRITICAL | v1.23.3 | 1.24.13, 1.25.7, 1.26.0-rc.3 | https://avd.aquasec.com/nvd/cve-2025-68121 |
| CVE-2025-47907 | stdlib | HIGH | v1.23.3 | 1.23.12, 1.24.6 | https://avd.aquasec.com/nvd/cve-2025-47907 |
| CVE-2025-58183 | stdlib | HIGH | v1.23.3 | 1.24.8, 1.25.2 | https://avd.aquasec.com/nvd/cve-2025-58183 |
| CVE-2025-61726 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61726 |
| CVE-2025-61728 | stdlib | HIGH | v1.23.3 | 1.24.12, 1.25.6 | https://avd.aquasec.com/nvd/cve-2025-61728 |
| CVE-2025-61729 | stdlib | HIGH | v1.23.3 | 1.24.11, 1.25.5 | https://avd.aquasec.com/nvd/cve-2025-61729 |
| CVE-2026-25679 | stdlib | HIGH | v1.23.3 | 1.25.8, 1.26.1 | https://avd.aquasec.com/nvd/cve-2026-25679 |
| CVE-2026-32282 | stdlib | HIGH | v1.23.3 | 1.25.9, 1.26.2 | https://avd.aquasec.com/nvd/cve-2026-32282 |