Enterprise

Review security and CVE scan results for Gloo Gateway Enterprise.

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.

Latest 1.19.x Gloo Enterprise Release: 1.19.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.2 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.2 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.2 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.2 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.19.2 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.19.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.1 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.19.1 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.19.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.0 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.19.0 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Latest 1.18.x Gloo Enterprise Release: 1.18.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.14 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.14 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.14 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.14 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.18.14 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.13 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.18.13 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.12 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.18.12 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.11 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.18.11 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.10 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.10 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.9 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.9 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.8 (ubuntu 20.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.8 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.7 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2025-27113	libxml2	HIGH	2.11.8-r1	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r1	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r1	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.6 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.5 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.4 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.3 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.2 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.1 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.1 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.18.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.0 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.0 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.3	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Latest 1.17.x Gloo Enterprise Release: 1.17.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.12 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.12 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.12 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.17.12 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.17.11 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.10 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.9 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.8 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.4 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.3-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.3 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.3-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.2 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.17.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.22.4	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Latest 1.16.x Gloo Enterprise Release: 1.16.20

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.20 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.20 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.20 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.16.20 (alpine 3.21.3)

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.19

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.19 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.19 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.19 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.19 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.18 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.18 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.18 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.18 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.17 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.17 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.17 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.17 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.23.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.16 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.16 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.16 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.16 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.16 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.16 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.16 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.16 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.16 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.15 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.15 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.15 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.15 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.15 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.15 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.15 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.15 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.3-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.15 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.14 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.14 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.14 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.14 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.13 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.12 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.10	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.10	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.11 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.5-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.5-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.10	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.10	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22874	stdlib	HIGH	v1.21.11	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.10 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.5-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.5-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.10	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.10	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.10	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.10	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.10	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.9 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.8 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-22874	stdlib	HIGH	v1.21.9	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.8	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-28757	libexpat	HIGH	2.6.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.0-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-28757	libexpat	HIGH	2.6.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.0-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.7	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-28757	libexpat	HIGH	2.6.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.0-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2023-52425	libexpat	HIGH	2.5.0-r1	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r1	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.5.0-r1	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-25062	libxml2	HIGH	2.11.6-r0	2.11.7-r0	https://avd.aquasec.com/nvd/cve-2024-25062
CVE-2024-56171	libxml2	HIGH	2.11.6-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.6-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.6-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.6-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.6-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Release 1.16.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-46569	github.com/open-policy-agent/opa	HIGH	v0.58.0	1.4.0	https://avd.aquasec.com/nvd/cve-2025-46569
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.6	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.0 (alpine 3.18.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r3	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2023-52425	libexpat	HIGH	2.5.0-r1	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r1	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.5.0-r1	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r3	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-25062	libxml2	HIGH	2.11.6-r0	2.11.7-r0	https://avd.aquasec.com/nvd/cve-2024-25062
CVE-2024-56171	libxml2	HIGH	2.11.6-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.6-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.6-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.6-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.6-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-22874	stdlib	HIGH	v1.21.5	1.23.10, 1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874