Navigation :

Gloo Gateway Enterprise results

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.

Latest 1.20.x Gloo Enterprise Release: 1.20.5

Gloo Enterprise rate-limit-ee image

No scan found

Gloo Enterprise gloo-ee image

No scan found

Gloo Enterprise gloo-ee-envoy-wrapper image

No scan found

Gloo Enterprise observability-ee image

No scan found

Gloo Enterprise extauth-ee image

No scan found

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No scan found

Gloo Enterprise gloo-fed-apiserver image

No scan found

Gloo Enterprise gloo-fed-apiserver-envoy image

No scan found

Gloo Enterprise gloo-federation-console image

No scan found

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No scan found

Release 1.20.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.4 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.4 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.4 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.4 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.4 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.4 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.4 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.4 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.4 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-66293	libpng	HIGH	1.6.51-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.4 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.20.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.3 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.3 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.3 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.3 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.3 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.3 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.3 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.3 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.3 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.3 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.20.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.2 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.2 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.20.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.1 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.1 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.1 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.1 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.1 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.20.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.20.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.0 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.0 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.20.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.20.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.20.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.0 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.0 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.0 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Latest 1.19.x Gloo Enterprise Release: 1.19.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.12 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.12 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.12 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.12 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.12 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.12 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.12 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.12 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.12 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-66293	libpng	HIGH	1.6.51-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.12 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.11 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.11 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.11 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.11 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.11 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.11 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.11 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.11 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.11 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.11 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.10 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.10 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.10 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.10 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.10 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.9 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.9 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.9 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.9 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.9 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.8 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.8 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.8 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.8 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.8 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.7 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.7 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.7 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.7 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.7 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.7 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.6 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.6 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.6 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.6 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.6 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.6 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.5 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.5 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.5 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.5 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.5 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.5 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.4

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.4 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.4 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.4 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.4 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.4 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.3

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.3 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.3 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.3 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.3 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.3 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.2

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.2 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.2 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.1

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.1 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.1 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.19.0

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.0 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.0 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Latest 1.18.x Gloo Enterprise Release: 1.18.22

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.22 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.22 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.22 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.22 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.22 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.22 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.22 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.22 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.22 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-66293	libpng	HIGH	1.6.51-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.22 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.21

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.21 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.21 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.21 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.21 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.21 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.21 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.21 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.21 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.21 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.21 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.20

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.20 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.20 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.20 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.20 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.20 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.20 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.20 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.20 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.20 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.20 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.19

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.19 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.19 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.19 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.19 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.19 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.19 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.19 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.19 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.19 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.19 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.18 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.18 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.18 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.18 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.18 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.18 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.18 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.18 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.18 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.18 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.17 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.17 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.17 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.17 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.17 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.17 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.16 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.16 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.16 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.16 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.4	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.16 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.15 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.15 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.15 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.15 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.15 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.14 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.14 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.14 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.14 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.14 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.13 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.13 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.12 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.12 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.11 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.11 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.10 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.3	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.10 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.9 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.1	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.9 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.8 (ubuntu 20.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.8 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.7 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.1	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2025-27113	libxml2	HIGH	2.11.8-r1	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r1	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r1	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.6

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.6 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.1	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.6 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.5

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.5 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.1	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.5 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.4 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.1	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.3 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.1	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.2 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.1	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.1 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.1	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.18.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.16.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.0 (ubuntu 22.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.2.27-3ubuntu2.1	2.2.27-3ubuntu2.5	https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.28.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.28.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.3	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Latest 1.17.x Gloo Enterprise Release: 1.17.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.18 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.17.18 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.18 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.18 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.18 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.18 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.17.18 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.18 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-66293	libpng	HIGH	1.6.51-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.18 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.17 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.17.17 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.17 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.17 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.17 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.17 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.17.17 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.17 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.17 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-61729	stdlib	HIGH	v1.24.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.16

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.17.16 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.16 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.17.16 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.16 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.16 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.15

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.17.15 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.15 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.17.15 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.15 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.15 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.14

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.17.14 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.14 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.17.14 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.14 (alpine 3.22.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.51-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.8-r0	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050	pcre2	CRITICAL	10.43-r1	10.46-r0	https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.14 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-58183	stdlib	HIGH	v1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.13

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.17.13 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.13 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.17.13 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.13 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.13 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.12

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.17.12 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.12 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.17.12 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.12 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.11

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.11 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-22874	stdlib	HIGH	v1.24.1	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	v1.24.1	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.1	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.1	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.10

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.10 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.10 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.9

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.9 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.9 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.8

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.8 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2025-64720	libpng	HIGH	1.6.44-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.44-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.44-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2024-55549	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.8 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.7

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.7 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.3-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.3-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.17.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.16.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.22.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Latest 1.16.x Gloo Enterprise Release: 1.16.21

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.21 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.16.21 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.21 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.21 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.21 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.21 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.16.21 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.21 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.21 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.21 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.24.4	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.20

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.16.20 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.20 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-48384	git-man	HIGH	1:2.43.0-1ubuntu7.2	1:2.43.0-1ubuntu7.3	https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.16.20 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-68973	gpgv	HIGH	2.4.4-2ubuntu17.2	2.4.4-2ubuntu17.4	https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.20 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.20 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r6	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.20 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.19

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.19 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.19 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.19 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.19 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.19 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.19 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.18

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.18 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.18 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.18 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.18 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.18 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-64720	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.47-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.18 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.17

Gloo Enterprise rate-limit-ee image

No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.17 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.17 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.17 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.17 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.17 (alpine 3.21.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-31498	c-ares	HIGH	1.34.3-r0	1.34.5-r0	https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2025-64720	libpng	HIGH	1.6.44-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018	libpng	HIGH	1.6.44-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293	libpng	HIGH	1.6.44-r0	1.6.53-r0	https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2025-49794	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796	libxml2	CRITICAL	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.13.4-r5	2.13.4-r6	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021	libxml2	HIGH	2.13.4-r5	2.13.9-r0	https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2024-55549	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.42-r1	1.1.42-r2	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115	xz-libs	HIGH	5.6.3-r0	5.6.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.17 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.23.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.16

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.16 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.16 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.16 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.16 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.16 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.16 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.16 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.16 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.16 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.4-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.16 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.15

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.15 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.15 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.15 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.15 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.15 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.15 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.15 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.15 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.15 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-8176	libexpat	HIGH	2.6.3-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.15 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.14 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.14 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.14 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.14 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.14 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.14 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.13 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.13 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.13 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.12 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.12 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.12 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.14-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.10	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.10	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.10	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.10	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.10	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.10	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.11 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.11 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.5-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.5-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.11 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.10	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.10	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.10	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.10	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.10	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.10	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	v1.21.11	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.11	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.11	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.10 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.10 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.5-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.5-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.8-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.8-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.8-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.10 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.13-r0	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.10	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.10	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.10	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.10	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.10	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.10	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.10	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.10	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.10	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.10	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.10	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.10	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.10	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.10	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.10	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.9 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.9 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.9 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.8 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.8 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.8 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.7 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r6	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.7 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r5	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.9	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2025-47907	stdlib	HIGH	v1.21.9	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.9	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.9	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.6 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.6 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.5 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-45490	libexpat	HIGH	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.2-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.5 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.8	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.8	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.8	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.4 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-28757	libexpat	HIGH	2.6.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.0-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.4 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.13.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.13.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.3 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-28757	libexpat	HIGH	2.6.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.0-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.3 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.13.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.13.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.7	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.2 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2024-28757	libexpat	HIGH	2.6.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.6.0-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.6.0-r0	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928	libxml2	HIGH	2.11.7-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.7-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.7-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.2 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.13.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.13.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.1 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2023-52425	libexpat	HIGH	2.5.0-r1	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r1	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.5.0-r1	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.6-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2024-25062	libxml2	HIGH	2.11.6-r0	2.11.7-r0	https://avd.aquasec.com/nvd/cve-2024-25062
CVE-2025-24928	libxml2	HIGH	2.11.6-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.6-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.6-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.6-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.1 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r4	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Release 1.16.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.13.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.13.2	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.6	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.6	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.6	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.6	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.0 (ubuntu 18.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.0 (alpine 3.18.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r3	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-45491	libexpat	CRITICAL	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
CVE-2024-45492	libexpat	CRITICAL	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
CVE-2023-52425	libexpat	HIGH	2.5.0-r1	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r1	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-45490	libexpat	HIGH	2.5.0-r1	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
CVE-2024-8176	libexpat	HIGH	2.5.0-r1	2.7.0-r0	https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-6119	libssl3	HIGH	3.1.4-r3	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-56171	libxml2	CRITICAL	2.11.6-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2024-25062	libxml2	HIGH	2.11.6-r0	2.11.7-r0	https://avd.aquasec.com/nvd/cve-2024-25062
CVE-2025-24928	libxml2	HIGH	2.11.6-r0	2.11.8-r1	https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113	libxml2	HIGH	2.11.6-r0	2.11.8-r2	https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414	libxml2	HIGH	2.11.6-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415	libxml2	HIGH	2.11.6-r0	2.11.8-r3	https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855	libxslt	HIGH	1.1.38-r0	1.1.38-r1	https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519	musl	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115	xz-libs	HIGH	5.4.3-r0	5.4.3-r1	https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.0 (alpine 3.17.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.0.12-r2	3.0.15-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2025-26519	musl	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519	musl-utils	HIGH	1.2.3-r5	1.2.3-r6	https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.13.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2024-24790	stdlib	CRITICAL	v1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	v1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2025-47907	stdlib	HIGH	v1.21.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183	stdlib	HIGH	v1.21.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61729	stdlib	HIGH	v1.21.5	1.24.11, 1.25.5	https://avd.aquasec.com/nvd/cve-2025-61729