Gloo Gateway Enterprise results
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.
Latest 1.19.x Gloo Enterprise Release: 1.19.2
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.2 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.2 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.2 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.2 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.2 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.2 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.2 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.2 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.19.2 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.2 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.19.1
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.1 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.1 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.1 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.1 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.1 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.19.1 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.1 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.19.0
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.19.0 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.19.0 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.19.0 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.19.0 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.19.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.19.0 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.19.0 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.19.0 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Latest 1.18.x Gloo Enterprise Release: 1.18.14
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.14 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.14 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.14 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.14 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.14 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.14 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.14 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.14 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.18.14 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.14 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.13
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.13 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.13 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.13 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.13 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.13 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.18.13 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.13 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.12
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.12 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.18.12 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.11
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.11 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.18.11 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.10
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.10 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.9
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.9 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.8
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.8 (ubuntu 20.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.7
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.7 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.7 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r1 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r1 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r1 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.6
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.6 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.6 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.5
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.5 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.5 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.4
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.4 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.4 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.3
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.3 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.3 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.2
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.2 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.2 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.1
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.1 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.1 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.1 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.1 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.1 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.1 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.1 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.18.0
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.18.0 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.18.0 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.18.0 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.2.1 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.18.0 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.18.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.18.0 (ubuntu 22.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.18.0 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.18.0 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.28.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.28.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.3 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Latest 1.17.x Gloo Enterprise Release: 1.17.12
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.12 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.12 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.12 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.12 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.17.12 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.12 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.11
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.11 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.17.11 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.11 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.24.1 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.10
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.10 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.10 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.10 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.9
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.9 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.9 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.9 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.8
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.8 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.8 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.42-r1 | 1.1.42-r2 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.42-r1 | 1.1.42-r2 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.8 (alpine 3.21.3)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.7
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.7 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.7 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.7 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.6
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.6 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.6 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.6 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.5
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.5 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.5 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.5 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.4
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.4 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.4 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.4 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.3
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.3 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.3 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.3-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.3 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.2
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.17.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.17.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.17.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.17.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.2 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.2 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.3-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.2 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.1 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.1 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.25.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.25.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.17.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.17.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.21.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.21.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.17.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.21.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.21.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.17.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.17.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.21.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.21.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.17.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.21.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.21.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.17.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.21.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.21.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.17.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.21.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.21.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.17.0 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.17.0 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.17.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30153 | github.com/getkin/kin-openapi | HIGH | v0.107.0 | 0.131.0 | https://avd.aquasec.com/nvd/cve-2025-30153 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.21.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.21.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.22.4 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Latest 1.16.x Gloo Enterprise Release: 1.16.20
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.20 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.20 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.20 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.20 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.20 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.20 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.20 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.20 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
No Vulnerabilities Found for quay.io/solo-io/gloo-federation-console:1.16.20 (alpine 3.21.3)
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.20 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.19
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.19 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.19 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.19 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.19 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.19 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.19 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.19 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.19 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.19 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.19 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.18
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.18 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.18 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.18 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.18 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.18 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.18 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.18 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.18 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.18 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.18 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.17
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.17 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.17 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.17 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.17 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.17 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.17 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.17 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.17 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.17 (alpine 3.21.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-31498 | c-ares | HIGH | 1.34.3-r0 | 1.34.5-r0 | https://avd.aquasec.com/nvd/cve-2025-31498 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2025-32414 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.13.4-r5 | 2.13.4-r6 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.42-r1 | 1.1.42-r2 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.42-r1 | 1.1.42-r2 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.6.3-r0 | 5.6.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.17 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.23.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.16
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.16 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.16 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.16 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.16 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.16 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.16 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.16 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.16 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.16 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.4-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.16 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.31.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.15
Gloo Enterprise rate-limit-ee image
No Vulnerabilities Found for quay.io/solo-io/rate-limit-ee:1.16.15 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.15 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.15 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
No Vulnerabilities Found for quay.io/solo-io/observability-ee:1.16.15 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
No Vulnerabilities Found for quay.io/solo-io/extauth-ee:1.16.15 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed:1.16.15 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.15 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.15 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.15 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-8176 | libexpat | HIGH | 2.6.3-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.15 (alpine 3.17.6)
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.14
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.14 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.14 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.14 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.14 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.14 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.14 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.14 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.14 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.14 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.14 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.13
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.13 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.13 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.13 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.13 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.13 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.13 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.13 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.13 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.12
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.12 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.12 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.12 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.6-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.12 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.14-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.11
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.10 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.10 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.11 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.11 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.11 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.5-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.5-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.11 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.10
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.10 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.10 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.10 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.11 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.10 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.10 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.5-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.5-r0 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.8-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.10 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.13-r0 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.9
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.10 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.10 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.10 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.10 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.9 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.10 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.10 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.9 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.9 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r6 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r6 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.9 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.8
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.8 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.8 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.8 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r6 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r6 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.8 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.7
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.7 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.7 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.7 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r6 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r6 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.7 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r5 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.6
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.6 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.9 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.9 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.6 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.6 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.6 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.5
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.5 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.5 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.5 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.2-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.2-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.5 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.4
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.4 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.8 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.8 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.8 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.4 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.4 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.0-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.0-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-28757 | libexpat | HIGH | 2.6.0-r0 | 2.6.2-r0 | https://avd.aquasec.com/nvd/cve-2024-28757 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.0-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.0-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.4 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.3
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.3 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.3 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.3 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.0-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.0-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-28757 | libexpat | HIGH | 2.6.0-r0 | 2.6.2-r0 | https://avd.aquasec.com/nvd/cve-2024-28757 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.0-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.0-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.3 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.2
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.2 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.7 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.7 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.7 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.2 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.2 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.6.0-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.6.0-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2024-28757 | libexpat | HIGH | 2.6.0-r0 | 2.6.2-r0 | https://avd.aquasec.com/nvd/cve-2024-28757 |
| CVE-2024-45490 | libexpat | HIGH | 2.6.0-r0 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.6.0-r0 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.7-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.2 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.1
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.1 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.1 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.1 (alpine 3.18.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.5.0-r1 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.5.0-r1 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2023-52425 | libexpat | HIGH | 2.5.0-r1 | 2.6.0-r0 | https://avd.aquasec.com/nvd/cve-2023-52425 |
| CVE-2024-28757 | libexpat | HIGH | 2.5.0-r1 | 2.6.2-r0 | https://avd.aquasec.com/nvd/cve-2024-28757 |
| CVE-2024-45490 | libexpat | HIGH | 2.5.0-r1 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.5.0-r1 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r5 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-25062 | libxml2 | HIGH | 2.11.6-r0 | 2.11.7-r0 | https://avd.aquasec.com/nvd/cve-2024-25062 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.1 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r4 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Release 1.16.0
Gloo Enterprise rate-limit-ee image
Vulnerabilities Listed for quay.io/solo-io/rate-limit-ee:1.16.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/rate-limit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee:1.16.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-ee-envoy-wrapper image
No Vulnerabilities Found for quay.io/solo-io/gloo-ee-envoy-wrapper:1.16.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/envoyinit
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise observability-ee image
Vulnerabilities Listed for quay.io/solo-io/observability-ee:1.16.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/observability
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise extauth-ee image
Vulnerabilities Listed for quay.io/solo-io/extauth-ee:1.16.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/extauth
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2025-30204 | github.com/golang-jwt/jwt/v4 | HIGH | v4.5.0 | 4.5.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-30204 | github.com/golang-jwt/jwt/v5 | HIGH | v5.0.0 | 5.2.2 | https://avd.aquasec.com/nvd/cve-2025-30204 |
| CVE-2025-46569 | github.com/open-policy-agent/opa | HIGH | v0.58.0 | 1.4.0 | https://avd.aquasec.com/nvd/cve-2025-46569 |
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise caching-ee image
No scan found
Gloo Enterprise discovery-ee image
No scan found
Gloo Enterprise gloo-fed image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed:1.16.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver:1.16.0 (ubuntu 20.04)
Vulnerabilities Listed for usr/local/bin/gloo-fed-apiserver
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.6 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.6 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.6 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |
Gloo Enterprise gloo-fed-apiserver-envoy image
No Vulnerabilities Found for quay.io/solo-io/gloo-fed-apiserver-envoy:1.16.0 (ubuntu 18.04)
Gloo Enterprise gloo-federation-console image
Vulnerabilities Listed for quay.io/solo-io/gloo-federation-console:1.16.0 (alpine 3.18.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-2398 | curl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | curl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-6119 | libcrypto3 | HIGH | 3.1.4-r3 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-2398 | libcurl | HIGH | 8.5.0-r0 | 8.7.1-r0 | https://avd.aquasec.com/nvd/cve-2024-2398 |
| CVE-2024-6197 | libcurl | HIGH | 8.5.0-r0 | 8.9.0-r0 | https://avd.aquasec.com/nvd/cve-2024-6197 |
| CVE-2024-45491 | libexpat | CRITICAL | 2.5.0-r1 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45491 |
| CVE-2024-45492 | libexpat | CRITICAL | 2.5.0-r1 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45492 |
| CVE-2023-52425 | libexpat | HIGH | 2.5.0-r1 | 2.6.0-r0 | https://avd.aquasec.com/nvd/cve-2023-52425 |
| CVE-2024-28757 | libexpat | HIGH | 2.5.0-r1 | 2.6.2-r0 | https://avd.aquasec.com/nvd/cve-2024-28757 |
| CVE-2024-45490 | libexpat | HIGH | 2.5.0-r1 | 2.6.3-r0 | https://avd.aquasec.com/nvd/cve-2024-45490 |
| CVE-2024-8176 | libexpat | HIGH | 2.5.0-r1 | 2.7.0-r0 | https://avd.aquasec.com/nvd/cve-2024-8176 |
| CVE-2024-6119 | libssl3 | HIGH | 3.1.4-r3 | 3.1.7-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-25062 | libxml2 | HIGH | 2.11.6-r0 | 2.11.7-r0 | https://avd.aquasec.com/nvd/cve-2024-25062 |
| CVE-2024-56171 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2024-56171 |
| CVE-2025-24928 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r1 | https://avd.aquasec.com/nvd/cve-2025-24928 |
| CVE-2025-27113 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r2 | https://avd.aquasec.com/nvd/cve-2025-27113 |
| CVE-2025-32414 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32414 |
| CVE-2025-32415 | libxml2 | HIGH | 2.11.6-r0 | 2.11.8-r3 | https://avd.aquasec.com/nvd/cve-2025-32415 |
| CVE-2024-55549 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2024-55549 |
| CVE-2025-24855 | libxslt | HIGH | 1.1.38-r0 | 1.1.38-r1 | https://avd.aquasec.com/nvd/cve-2025-24855 |
| CVE-2025-31115 | xz-libs | HIGH | 5.4.3-r0 | 5.4.3-r1 | https://avd.aquasec.com/nvd/cve-2025-31115 |
Gloo Enterprise gloo-fed-rbac-validating-webhook image
Vulnerabilities Listed for quay.io/solo-io/gloo-fed-rbac-validating-webhook:1.16.0 (alpine 3.17.6)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-6119 | libcrypto3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
| CVE-2024-6119 | libssl3 | HIGH | 3.0.12-r2 | 3.0.15-r0 | https://avd.aquasec.com/nvd/cve-2024-6119 |
Vulnerabilities Listed for usr/local/bin/gloo-fed-rbac-validating-webhook
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2024-45337 | golang.org/x/crypto | CRITICAL | v0.17.0 | 0.31.0 | https://avd.aquasec.com/nvd/cve-2024-45337 |
| CVE-2025-22869 | golang.org/x/crypto | HIGH | v0.17.0 | 0.35.0 | https://avd.aquasec.com/nvd/cve-2025-22869 |
| CVE-2024-24790 | stdlib | CRITICAL | v1.21.5 | 1.21.11, 1.22.4 | https://avd.aquasec.com/nvd/cve-2024-24790 |
| CVE-2023-45288 | stdlib | HIGH | v1.21.5 | 1.21.9, 1.22.2 | https://avd.aquasec.com/nvd/cve-2023-45288 |
| CVE-2025-22874 | stdlib | HIGH | v1.21.5 | 1.23.10, 1.24.4 | https://avd.aquasec.com/nvd/cve-2025-22874 |