Gloo Gateway Enterprise results

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.

Latest 1.21.x Gloo Enterprise Release: 1.21.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.21.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.26.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.21.0 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.26.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.21.0 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32282 stdlib HIGH v1.26.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.21.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.26.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.21.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.26.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.21.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.26.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.21.0 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.26.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.21.0 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.21.0 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.21.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.26.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Latest 1.20.x Gloo Enterprise Release: 1.20.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.9 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.9 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.9 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.9 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.9 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.9 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.9 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.9 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.9 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.9 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.20.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.8 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.8 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v28.1.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v28.0.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.8 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.8 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.8 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.8 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.8 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.8 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.8 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-33416 libpng HIGH 1.6.55-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.55-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.8 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.20.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.7 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-22184 zlib HIGH 1.3.1-r2 1.3.2-r0 https://avd.aquasec.com/nvd/cve-2026-22184

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-25679 stdlib HIGH v1.25.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.25.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.7 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v28.1.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v28.0.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-25679 stdlib HIGH v1.25.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.25.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.7 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-25679 stdlib HIGH v1.25.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.25.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.7 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-22184 zlib HIGH 1.3.1-r2 1.3.2-r0 https://avd.aquasec.com/nvd/cve-2026-22184

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-25679 stdlib HIGH v1.25.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.25.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.7 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-22184 zlib HIGH 1.3.1-r2 1.3.2-r0 https://avd.aquasec.com/nvd/cve-2026-22184

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-25679 stdlib HIGH v1.25.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.25.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.7 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-22184 zlib HIGH 1.3.1-r2 1.3.2-r0 https://avd.aquasec.com/nvd/cve-2026-22184

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-25679 stdlib HIGH v1.25.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.25.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.7 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-25679 stdlib HIGH v1.25.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.25.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.7 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.7 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-33416 libpng HIGH 1.6.55-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.55-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-22184 zlib HIGH 1.3.1-r2 1.3.2-r0 https://avd.aquasec.com/nvd/cve-2026-22184

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.7 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-22184 zlib HIGH 1.3.1-r2 1.3.2-r0 https://avd.aquasec.com/nvd/cve-2026-22184

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-25679 stdlib HIGH v1.25.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.25.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.20.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.6 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.6 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v28.1.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v28.0.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.6 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.6 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.6 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.6 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.6 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.6 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.6 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2026-25646 libpng HIGH 1.6.54-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.54-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.54-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-22184 zlib HIGH 1.3.1-r2 1.3.2-r0 https://avd.aquasec.com/nvd/cve-2026-22184

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.6 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.20.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.5 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.20.5 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v28.1.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v28.0.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.5 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.5 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.5 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.5 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.20.5 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.5 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.5 (alpine 3.23.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2026-22695 libpng HIGH 1.6.53-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.53-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.53-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.53-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.53-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-22184 zlib HIGH 1.3.1-r2 1.3.2-r0 https://avd.aquasec.com/nvd/cve-2026-22184

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.5 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.20.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.4 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.4 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v28.1.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v28.0.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.4 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.4 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.4 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.4 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.4 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.4 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.4 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-66293 libpng HIGH 1.6.51-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.51-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.51-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.51-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.51-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.51-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.4 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.20.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.3 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.3 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v28.1.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v28.0.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.3 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.3 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.3 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.3 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.3 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.3 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.3 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.3 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.20.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.2 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v28.1.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v28.0.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.2 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.2 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.2 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.2 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.20.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.1 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v28.1.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v28.0.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.1 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.1 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.1 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.1 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.20.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.20.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.20.0 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v28.1.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v28.0.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.0 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.20.0 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.20.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.20.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.20.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.20.0 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.20.0 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.20.0 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.2-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.2-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.2-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.20.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.37.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.74.2 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Latest 1.19.x Gloo Enterprise Release: 1.19.15

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.15 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.15 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.15 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.15 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.15 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.15 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.15 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.15 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.15 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.15 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.14 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.75.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.14 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.1 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.75.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.14 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.75.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.14 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.1 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.75.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.14 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.75.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.14 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.1 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.75.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.14 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.1 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.75.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.14 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.14 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-33416 libpng HIGH 1.6.55-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.55-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.14 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.42.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.75.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.13 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.13 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.13 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.13 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.13 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.13 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.13 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.13 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.13 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2026-25646 libpng HIGH 1.6.54-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.54-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.54-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.13 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.12 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.12 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.12 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.12 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.12 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.12 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.12 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.12 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.12 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-66293 libpng HIGH 1.6.51-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.51-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.51-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.51-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.51-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.51-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.12 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.11 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.11 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.11 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.11 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.11 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.11 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.11 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.11 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.11 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.11 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.10 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.10 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.10 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.10 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.10 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.9 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.9 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.9 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.9 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.9 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.2-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.2-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.2-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.8 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.8 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.8 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.8 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.8 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.1-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.1-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.1-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.7 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.7 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.7 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.7 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.7 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.7 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.7 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.7 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.7 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.1-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.1-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.1-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.7 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.6 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.6 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.6 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.6 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.6 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.6 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.6 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.6 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.6 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.6 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.5 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.5 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.5 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.5 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.5 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.5 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.5 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.5 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.5 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.5 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.4 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.4 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.4 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.4 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.4 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.4 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.4 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.4 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.4 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.4 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.3 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.3 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.3 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-48384 git-man HIGH 1:2.43.0-1ubuntu7.2 1:2.43.0-1ubuntu7.3 https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.3 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.3 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.3 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.3 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.3 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.3 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.3 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.19.2 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.2 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-48384 git-man HIGH 1:2.43.0-1ubuntu7.2 1:2.43.0-1ubuntu7.3 https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.19.2 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.2 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.2 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.1 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.1 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.19.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.19.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.19.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.17.0 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.19.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.19.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.0 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.19.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.0 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Latest 1.18.x Gloo Enterprise Release: 1.18.25

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.25 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.25 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.25 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.25 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.25 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.25 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.25 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-34986 github.com/go-jose/go-jose/v4 HIGH v4.1.3 4.1.4 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.25 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.25 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.25 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.24

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.24 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.24 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.24 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.24 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.24 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.24 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.24 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.24 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.24 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-33416 libpng HIGH 1.6.55-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.55-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.24 (alpine 3.23.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.41.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.71.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2026-32282 stdlib HIGH v1.25.8 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.23

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.23 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.23 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.23 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.23 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.23 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.23 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.23 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.23 (ubuntu 22.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.23 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2026-25646 libpng HIGH 1.6.54-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.54-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.54-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2026-28390 libssl3 HIGH 3.5.5-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.23 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-28390 libcrypto3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-28390 libssl3 HIGH 3.3.6-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.11 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.11 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2026-25679 stdlib HIGH v1.24.11 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.11 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.22

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.22 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.22 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.22 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.22 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.22 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.22 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.22 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.22 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.22 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-66293 libpng HIGH 1.6.51-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.51-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.51-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.51-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.51-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.51-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.22 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.21

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.21 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.21 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.21 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.21 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.21 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.21 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.21 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.21 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.21 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.21 (alpine 3.21.5)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.5-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.5-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.9 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-61726 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.9 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.9 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.9 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.9 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.20

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.20 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.20 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.20 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.20 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.20 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.20 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.20 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.20 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.20 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.3-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.4-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.4-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.20 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.19

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.19 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.19 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.19 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.19 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.19 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.19 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.19 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.19 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.19 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.2-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.2-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.2-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.2-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.19 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.18

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.18 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.18 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.18 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.18 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.18 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.18 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.18 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.18 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.18 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.1-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.1-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.1-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.18 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-58183 stdlib HIGH v1.24.6 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.6 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.6 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.6 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.6 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.17

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.17 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.17 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.17 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.17 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.17 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.17 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.17 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.17 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.17 (alpine 3.22.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.5.1-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.1-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.51-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.5.1-r0 3.5.5-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.5.1-r0 3.5.6-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.8-r0 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-58050 pcre2 CRITICAL 10.43-r1 10.46-r0 https://avd.aquasec.com/nvd/cve-2025-58050

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.17 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.16

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.16 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.16 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.5.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.4.1+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.16 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.16 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.16 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.16 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.16 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.3 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.16 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.4 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.16 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.16 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.4-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.4-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.34.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.70.0 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.15

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.15 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.15 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.15 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-48384 git-man HIGH 1:2.43.0-1ubuntu7.2 1:2.43.0-1ubuntu7.3 https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.15 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.15 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.15 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.15 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.15 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.15 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.15 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.4 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.24.4 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.4 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.4 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.4 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.4 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.4 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.14

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.14 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee:1.18.14 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

Vulnerabilities Listed for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.14 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-48384 git-man HIGH 1:2.43.0-1ubuntu7.2 1:2.43.0-1ubuntu7.3 https://avd.aquasec.com/nvd/cve-2025-48384
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.14 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.14 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.14 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver:1.18.14 (ubuntu 24.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.4.4-2ubuntu17.2 2.4.4-2ubuntu17.4 https://avd.aquasec.com/nvd/cve-2025-68973

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.14 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.14 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.14 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.13

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.13 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.13 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.13 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.13 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.13 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.13 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.13 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.13 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.24.1 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-22874 stdlib HIGH v1.24.1 1.24.4 https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907 stdlib HIGH v1.24.1 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.24.1 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.24.1 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.24.1 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.24.1 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.24.1 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.12

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.12 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.12 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.12 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.12 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.12 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.12 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.12 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.12 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.11

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.11 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.11 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.11 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.11 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.11 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.11 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.11 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-49795 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r6 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.11 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.10

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.10 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.10 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.3 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-31498 c-ares HIGH 1.34.3-r0 1.34.5-r0 https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414 libxml2 HIGH 2.13.4-r5 2.13.4-r6 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.13.4-r5 2.13.4-r6 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795 libxml2 HIGH 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.10 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.9

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.9 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.9 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-31498 c-ares HIGH 1.34.3-r0 1.34.5-r0 https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414 libxml2 HIGH 2.13.4-r5 2.13.4-r6 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.13.4-r5 2.13.4-r6 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795 libxml2 HIGH 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-31115 xz-libs HIGH 5.6.3-r0 5.6.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.9 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.8

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.8 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.8 (ubuntu 20.04)

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-31498 c-ares HIGH 1.34.3-r0 1.34.5-r0 https://avd.aquasec.com/nvd/cve-2025-31498
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2026-25210 libexpat HIGH 2.7.0-r0 2.7.4-r0 https://avd.aquasec.com/nvd/cve-2026-25210
CVE-2025-64720 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-64720
CVE-2025-65018 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-65018
CVE-2025-66293 libpng HIGH 1.6.47-r0 1.6.53-r0 https://avd.aquasec.com/nvd/cve-2025-66293
CVE-2026-22695 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22695
CVE-2026-22801 libpng HIGH 1.6.47-r0 1.6.54-r0 https://avd.aquasec.com/nvd/cve-2026-22801
CVE-2026-25646 libpng HIGH 1.6.47-r0 1.6.55-r0 https://avd.aquasec.com/nvd/cve-2026-25646
CVE-2026-33416 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33416
CVE-2026-33636 libpng HIGH 1.6.47-r0 1.6.56-r0 https://avd.aquasec.com/nvd/cve-2026-33636
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-49794 libxml2 CRITICAL 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49794
CVE-2025-49796 libxml2 CRITICAL 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49796
CVE-2025-32414 libxml2 HIGH 2.13.4-r5 2.13.4-r6 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.13.4-r5 2.13.4-r6 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2025-49795 libxml2 HIGH 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-49795
CVE-2025-6021 libxml2 HIGH 2.13.4-r5 2.13.9-r0 https://avd.aquasec.com/nvd/cve-2025-6021
CVE-2025-31115 xz-libs HIGH 5.6.3-r0 5.6.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.8 (alpine 3.21.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libcrypto3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390
CVE-2025-15467 libssl3 CRITICAL 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.3.3-r0 3.3.6-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2026-28390 libssl3 HIGH 3.3.3-r0 3.3.7-r0 https://avd.aquasec.com/nvd/cve-2026-28390

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.7

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.7 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.7 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.7 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.7 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.7 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.7 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.7 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-8176 libexpat HIGH 2.6.4-r0 2.7.0-r0 https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2025-27113 libxml2 HIGH 2.11.8-r1 2.11.8-r2 https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414 libxml2 HIGH 2.11.8-r1 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.11.8-r1 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115 xz-libs HIGH 5.4.3-r0 5.4.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.7 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.7 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.7 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.7 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.7 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.7 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.7 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.6

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.6 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.6 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.6 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.6 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.6 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.6 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.6 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-8176 libexpat HIGH 2.6.4-r0 2.7.0-r0 https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171 libxml2 CRITICAL 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928 libxml2 HIGH 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113 libxml2 HIGH 2.11.8-r0 2.11.8-r2 https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115 xz-libs HIGH 5.4.3-r0 5.4.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.6 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.5

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.5 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.5 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.5 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.5 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.5 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.5 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.5 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-8176 libexpat HIGH 2.6.4-r0 2.7.0-r0 https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171 libxml2 CRITICAL 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928 libxml2 HIGH 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113 libxml2 HIGH 2.11.8-r0 2.11.8-r2 https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-31115 xz-libs HIGH 5.4.3-r0 5.4.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.5 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.4

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.4 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.4 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.4 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.4 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.4 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.4 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.4 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-8176 libexpat HIGH 2.6.4-r0 2.7.0-r0 https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171 libxml2 CRITICAL 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928 libxml2 HIGH 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113 libxml2 HIGH 2.11.8-r0 2.11.8-r2 https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519 musl HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115 xz-libs HIGH 5.4.3-r0 5.4.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.4 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.3

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.3 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.3 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.3 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.3 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.3 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.3 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.3 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-8176 libexpat HIGH 2.6.4-r0 2.7.0-r0 https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171 libxml2 CRITICAL 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928 libxml2 HIGH 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113 libxml2 HIGH 2.11.8-r0 2.11.8-r2 https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519 musl HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115 xz-libs HIGH 5.4.3-r0 5.4.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.3 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.2

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.2 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-32285 github.com/buger/jsonparser HIGH v1.1.1 1.1.2 https://avd.aquasec.com/nvd/cve-2026-32285
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.2 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.2 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.2 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.2 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.2 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.2 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-8176 libexpat HIGH 2.6.4-r0 2.7.0-r0 https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171 libxml2 CRITICAL 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928 libxml2 HIGH 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113 libxml2 HIGH 2.11.8-r0 2.11.8-r2 https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519 musl HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115 xz-libs HIGH 5.4.3-r0 5.4.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.2 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.1

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.1 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.1 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.1 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.1 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.1 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.1 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.1 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-8176 libexpat HIGH 2.6.4-r0 2.7.0-r0 https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171 libxml2 CRITICAL 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928 libxml2 HIGH 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113 libxml2 HIGH 2.11.8-r0 2.11.8-r2 https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519 musl HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115 xz-libs HIGH 5.4.3-r0 5.4.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.1 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2025-22869 golang.org/x/crypto HIGH v0.31.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Release 1.18.0

Gloo Enterprise rate-limit-ee image

Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.18.0 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/rate-limit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.28.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869 golang.org/x/crypto HIGH v0.28.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.28.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869 golang.org/x/crypto HIGH v0.28.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-ee-envoy-wrapper image

No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/envoyinit

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise observability-ee image

Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.18.0 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/observability

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15558 github.com/docker/cli HIGH v27.3.1+incompatible 29.2.0 https://avd.aquasec.com/nvd/cve-2025-15558
CVE-2026-34040 github.com/docker/docker HIGH v27.2.0+incompatible 29.3.1 https://avd.aquasec.com/nvd/cve-2026-34040
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.28.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869 golang.org/x/crypto HIGH v0.28.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-53547 helm.sh/helm/v3 HIGH v3.16.2 3.18.4, 3.17.4 https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise extauth-ee image

Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.18.0 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/extauth

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204 github.com/golang-jwt/jwt/v5 HIGH v5.2.1 5.2.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.28.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869 golang.org/x/crypto HIGH v0.28.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise caching-ee image

No scan found

Gloo Enterprise discovery-ee image

No scan found

Gloo Enterprise gloo-fed image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.18.0 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.28.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869 golang.org/x/crypto HIGH v0.28.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.0 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2025-30204 github.com/golang-jwt/jwt/v4 HIGH v4.5.0 4.5.2 https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.28.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869 golang.org/x/crypto HIGH v0.28.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282

Gloo Enterprise gloo-fed-apiserver-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.0 (ubuntu 22.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-68973 gpgv HIGH 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 https://avd.aquasec.com/nvd/cve-2025-68973

Gloo Enterprise gloo-federation-console image

Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.0 (alpine 3.18.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-8176 libexpat HIGH 2.6.4-r0 2.7.0-r0 https://avd.aquasec.com/nvd/cve-2024-8176
CVE-2024-56171 libxml2 CRITICAL 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2024-56171
CVE-2025-24928 libxml2 HIGH 2.11.8-r0 2.11.8-r1 https://avd.aquasec.com/nvd/cve-2025-24928
CVE-2025-27113 libxml2 HIGH 2.11.8-r0 2.11.8-r2 https://avd.aquasec.com/nvd/cve-2025-27113
CVE-2025-32414 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32414
CVE-2025-32415 libxml2 HIGH 2.11.8-r0 2.11.8-r3 https://avd.aquasec.com/nvd/cve-2025-32415
CVE-2024-55549 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2024-55549
CVE-2025-24855 libxslt HIGH 1.1.38-r0 1.1.38-r1 https://avd.aquasec.com/nvd/cve-2025-24855
CVE-2025-26519 musl HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.4-r2 1.2.4-r3 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-31115 xz-libs HIGH 5.4.3-r0 5.4.3-r1 https://avd.aquasec.com/nvd/cve-2025-31115

Gloo Enterprise gloo-fed-rbac-validating-webhook image

Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.0 (alpine 3.17.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2025-15467 libcrypto3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libcrypto3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-15467 libssl3 CRITICAL 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-15467
CVE-2025-69419 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69419
CVE-2025-69421 libssl3 HIGH 3.0.15-r1 3.0.19-r0 https://avd.aquasec.com/nvd/cve-2025-69421
CVE-2025-26519 musl HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519
CVE-2025-26519 musl-utils HIGH 1.2.3-r5 1.2.3-r6 https://avd.aquasec.com/nvd/cve-2025-26519

Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2026-34986 github.com/go-jose/go-jose/v3 HIGH v3.0.3 3.0.5 https://avd.aquasec.com/nvd/cve-2026-34986
CVE-2026-24051 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.40.0 https://avd.aquasec.com/nvd/cve-2026-24051
CVE-2026-39883 go.opentelemetry.io/otel/sdk HIGH v1.31.0 1.43.0 https://avd.aquasec.com/nvd/cve-2026-39883
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.28.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869 golang.org/x/crypto HIGH v0.28.0 0.35.0 https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868 golang.org/x/oauth2 HIGH v0.23.0 0.27.0 https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2026-33186 google.golang.org/grpc CRITICAL v1.67.1 1.79.3 https://avd.aquasec.com/nvd/cve-2026-33186
CVE-2025-68121 stdlib CRITICAL v1.23.3 1.24.13, 1.25.7, 1.26.0-rc.3 https://avd.aquasec.com/nvd/cve-2025-68121
CVE-2025-47907 stdlib HIGH v1.23.3 1.23.12, 1.24.6 https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-58183 stdlib HIGH v1.23.3 1.24.8, 1.25.2 https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-61726 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61726
CVE-2025-61728 stdlib HIGH v1.23.3 1.24.12, 1.25.6 https://avd.aquasec.com/nvd/cve-2025-61728
CVE-2025-61729 stdlib HIGH v1.23.3 1.24.11, 1.25.5 https://avd.aquasec.com/nvd/cve-2025-61729
CVE-2026-25679 stdlib HIGH v1.23.3 1.25.8, 1.26.1 https://avd.aquasec.com/nvd/cve-2026-25679
CVE-2026-32282 stdlib HIGH v1.23.3 1.25.9, 1.26.2 https://avd.aquasec.com/nvd/cve-2026-32282