On this page

Security and CVE scan results

Review security and CVE scan results for Solo.io products.

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.

Security and CVE scan

Latest 2.9.x gloo mesh enterprise Release: 2.9.1

gloo mesh enterprise gloo-mesh-envoy image

No scan found

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-ui image

No scan found

Release 2.9.0

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.0 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-envoy image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.0 (alpine 3.21.3)

Latest 2.8.x gloo mesh enterprise Release: 2.8.2

gloo mesh enterprise gloo-mesh-envoy image

No scan found

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-ui image

No scan found

Release 2.8.1

gloo mesh enterprise gloo-mesh-ui image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No scan found

Release 2.9.0

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.1 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/mgmt-server-linux-amd64

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/agent-linux-amd64

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.1 (alpine 3.21.3)

Release 2.8.0

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.0 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.0 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/agent-linux-amd64

Latest 2.8.x gloo mesh enterprise Release: 2.8.2

gloo mesh enterprise gloo-mesh-envoy image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No scan found

gloo mesh enterprise gloo-mesh-ui image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No scan found

Release 2.8.1

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.0 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/pilot-agent

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.0 (alpine 3.21.3)

Latest 2.7.x gloo mesh enterprise Release: 2.7.4

gloo mesh enterprise gloo-mesh-envoy image

No scan found

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-ui image

No scan found

Release 2.7.3

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.1 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.1 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/agent-linux-amd64

Release 2.8.0

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.3 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.3 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.3 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.3 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.3 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.3 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/mgmt-server-linux-amd64

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.3 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/agent-linux-amd64

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.3 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.3 (alpine 3.21.3)

Release 2.7.2

gloo mesh enterprise gloo-mesh-ui image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No scan found

Release 2.7.3

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.2 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/pilot-agent

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.2 (alpine 3.21.3)

Release 2.7.1

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.3 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.3 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.3 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/agent-linux-amd64

Release 2.7.2

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.1 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/pilot-agent

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.1 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/pilot-agent

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.7.0

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.0 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.0 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Latest 2.6.x gloo mesh enterprise Release: 2.6.12

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.12 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.12 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.12 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.12 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.12 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.12 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.12 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/agent-linux-amd64

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.12 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.12 (alpine 3.21.3)

Release 2.6.11

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.11 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/pilot-agent

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.11 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.11 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.11 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.11 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.11 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/mgmt-server-linux-amd64

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.11 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/agent-linux-amd64

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.11 (alpine 3.21.3)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.11 (alpine 3.21.3)

Release 2.6.10

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.10 (ubuntu 24.04)

No Vulnerabilities Found for usr/local/bin/pilot-agent

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.10 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.9

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.9 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.9 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.9 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.8

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.8 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.8 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.7

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.7 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.6

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.6 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.6 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.5

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.5 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.5 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.4

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.4 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.3

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.3 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.3 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.2

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.2 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.1

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.1 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Release 2.6.0

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.0 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Latest 2.5.x gloo mesh enterprise Release: 2.5.13

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.13 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.13 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.13 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.13 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.13 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.13 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.13 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.13 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.13 (alpine 3.18.6)

Release 2.5.12

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.12 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.12 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.12 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.12 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.12 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.12 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.12 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.12 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.12 (alpine 3.18.6)

Release 2.5.11

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.11 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.11 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.11 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.11 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.11 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.11 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.11 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.11 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.11 (alpine 3.18.6)

Release 2.5.10

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.10 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.10 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.10 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.10 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.10 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.10 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.10 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.10 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.23.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.23.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240626154214-b02706833ad7	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.10 (alpine 3.18.6)

Release 2.5.9

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.9 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.9 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
GHSA-87m9-rv8p-rgmg	github.com/mostynb/go-grpc-compression	HIGH	v1.2.2	1.2.3	https://github.com/advisories/GHSA-87m9-rv8p-rgmg
CVE-2024-36129	go.opentelemetry.io/collector/config/configgrpc	HIGH	v0.89.0	0.102.1	https://avd.aquasec.com/nvd/cve-2024-36129
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.9 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.9 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.9 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.9 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.9 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.9 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.9 (alpine 3.18.6)

Release 2.5.8

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.8 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.8 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
GHSA-87m9-rv8p-rgmg	github.com/mostynb/go-grpc-compression	HIGH	v1.2.2	1.2.3	https://github.com/advisories/GHSA-87m9-rv8p-rgmg
CVE-2024-36129	go.opentelemetry.io/collector/config/configgrpc	HIGH	v0.89.0	0.102.1	https://avd.aquasec.com/nvd/cve-2024-36129
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.8 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.8 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.8 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.8 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.8 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.8 (alpine 3.18.7)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.8 (alpine 3.18.6)

Release 2.5.7

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.7 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.7 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
GHSA-87m9-rv8p-rgmg	github.com/mostynb/go-grpc-compression	HIGH	v1.2.2	1.2.3	https://github.com/advisories/GHSA-87m9-rv8p-rgmg
CVE-2024-36129	go.opentelemetry.io/collector/config/configgrpc	HIGH	v0.89.0	0.102.1	https://avd.aquasec.com/nvd/cve-2024-36129
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.7 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.7 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.7 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.7 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.7 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.7 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-34156	stdlib	HIGH	1.22.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.7 (alpine 3.18.6)

Release 2.5.6

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.6 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.6 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
GHSA-87m9-rv8p-rgmg	github.com/mostynb/go-grpc-compression	HIGH	v1.2.2	1.2.3	https://github.com/advisories/GHSA-87m9-rv8p-rgmg
CVE-2024-36129	go.opentelemetry.io/collector/config/configgrpc	HIGH	v0.89.0	0.102.1	https://avd.aquasec.com/nvd/cve-2024-36129
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.6 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.6 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.6 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.6 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.6 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.6 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.6 (alpine 3.18.6)

Release 2.5.5

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.5 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.5 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
GHSA-87m9-rv8p-rgmg	github.com/mostynb/go-grpc-compression	HIGH	v1.2.2	1.2.3	https://github.com/advisories/GHSA-87m9-rv8p-rgmg
CVE-2024-36129	go.opentelemetry.io/collector/config/configgrpc	HIGH	v0.89.0	0.102.1	https://avd.aquasec.com/nvd/cve-2024-36129
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.5 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.5 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.5 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.5 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.5 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.5 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.5 (alpine 3.18.6)

Release 2.5.4

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.4 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.4 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
GHSA-87m9-rv8p-rgmg	github.com/mostynb/go-grpc-compression	HIGH	v1.2.2	1.2.3	https://github.com/advisories/GHSA-87m9-rv8p-rgmg
CVE-2024-36129	go.opentelemetry.io/collector/config/configgrpc	HIGH	v0.89.0	0.102.1	https://avd.aquasec.com/nvd/cve-2024-36129
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.4 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.4 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.4 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.4 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.4 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.4 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.4 (alpine 3.18.6)

Release 2.5.3

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.3 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.3 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
GHSA-87m9-rv8p-rgmg	github.com/mostynb/go-grpc-compression	HIGH	v1.2.2	1.2.3	https://github.com/advisories/GHSA-87m9-rv8p-rgmg
CVE-2024-36129	go.opentelemetry.io/collector/config/configgrpc	HIGH	v0.89.0	0.102.1	https://avd.aquasec.com/nvd/cve-2024-36129
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.3 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.3 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.3 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.3 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.3 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.3 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240131021742-71746b67144a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.3 (alpine 3.18.6)

Release 2.5.2

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.2 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.2 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.2 (alpine 3.18.6)

No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.2 (alpine 3.18.6)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.2 (alpine 3.18.6)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.2 (alpine 3.18.6)

No Vulnerabilities Found for usr/local/bin/mgmt-server-linux-amd64

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.2 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.2 (alpine 3.18.6)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.2 (alpine 3.18.6)

Release 2.5.1

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.1 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.1 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
GHSA-87m9-rv8p-rgmg	github.com/mostynb/go-grpc-compression	HIGH	v1.2.2	1.2.3	https://github.com/advisories/GHSA-87m9-rv8p-rgmg
CVE-2024-36129	go.opentelemetry.io/collector/config/configgrpc	HIGH	v0.89.0	0.102.1	https://avd.aquasec.com/nvd/cve-2024-36129
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.1 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.1 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.1 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.1 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.1 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.1 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.1 (alpine 3.18.6)

Release 2.5.0

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.0 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.0 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
GHSA-87m9-rv8p-rgmg	github.com/mostynb/go-grpc-compression	HIGH	v1.2.2	1.2.3	https://github.com/advisories/GHSA-87m9-rv8p-rgmg
CVE-2024-36129	go.opentelemetry.io/collector/config/configgrpc	HIGH	v0.89.0	0.102.1	https://avd.aquasec.com/nvd/cve-2024-36129
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.0 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.0.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.0 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.0 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.0 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.0 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.13.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.0 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20231207195727-552626bd81f6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.0 (alpine 3.18.5)

Latest 2.4.x gloo mesh enterprise Release: 2.4.17

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.17 (ubuntu 24.04)

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.17 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.17 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.17 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.17 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.17 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.17 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.17 (alpine 3.18.6)

Release 2.4.16

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.16 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.16 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.16 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.16 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.16 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.16 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.16 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.16 (alpine 3.18.6)

Release 2.4.15

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.15 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.15 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.15 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.15 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.15 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.15 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.15 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.15 (alpine 3.18.6)

Release 2.4.14

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.14 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.14 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.14 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.14 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.14 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.14 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.14 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.14 (alpine 3.18.6)

Release 2.4.13

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.13 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.13 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.13 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.13 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.13 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.13 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.13 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.13 (alpine 3.18.6)

Release 2.4.12

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.12 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.12 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.12 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.12 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.12 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.12 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.12 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.0	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.22.0	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-24788	stdlib	HIGH	1.22.0	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.0	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.12 (alpine 3.18.6)

Release 2.4.11

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.11 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.11 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.11 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.11 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.11 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.11 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.11 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.11 (alpine 3.18.6)

Release 2.4.10

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.10 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.10 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.10 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.10 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.10 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.10 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.10 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.10 (alpine 3.18.6)

Release 2.4.9

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.9 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.9 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.9 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.9 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.9 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.9 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.9 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.9 (alpine 3.18.6)

Release 2.4.8

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.8 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.8 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.8 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.8 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.8 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.8 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.8 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.8 (alpine 3.18.5)

Release 2.4.7

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.7 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.7 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.7 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.7 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.7 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.7 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.7 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.5	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-45288	stdlib	HIGH	1.21.5	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.5	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.7 (alpine 3.18.5)

Release 2.4.6

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.6 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.6 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.6 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.6 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.6 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.6 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.6 (alpine 3.18.5)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.6 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.4.5

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.5 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.5 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.5 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.4.4

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.4 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.4 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.4 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.4 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.4 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.4 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.4 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.13.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.13.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.15.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.4 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.4.3

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.3 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.3 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.3 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.3 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.3 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.3 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.3 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.3 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.4.2

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.2 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.2 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.2 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.2 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.2 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.2 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.2 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.2 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.4.1

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.1 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.1 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.1 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.1 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.1 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.1 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.1+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v23.0.1+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.1 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.11.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.11.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.13.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.1 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.4.0

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.0 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.0 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.10.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.10.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.11.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.11.1	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.0 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.10.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.10.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.11.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.0 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.10.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.10.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.11.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.0 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.10.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.10.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.11.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.11.1	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.0 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.10.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.10.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.11.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.11.1	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.0 (alpine 3.18.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.2-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.10.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.10.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.11.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.54.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230403164233-3e857775086a	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24540	stdlib	CRITICAL	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.20.3	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24539	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.20.3	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.20.3	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.20.3	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.20.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.20.3	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.20.3	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.0 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Latest 2.3.x gloo mesh enterprise Release: 2.3.24

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.24 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.24 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.24 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.24 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.24 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.24 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.21.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.21.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.24 (alpine 3.18.6)

Release 2.3.23

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.23 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.23 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.23 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.23 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.23 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v23.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.12.3	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.23 (alpine 3.18.6)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.17.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.17.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20230824050558-a835e9cca9eb	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.22.2	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2024-24788	stdlib	HIGH	1.22.2	1.22.3	https://avd.aquasec.com/nvd/cve-2024-24788
CVE-2024-34156	stdlib	HIGH	1.22.2	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.23 (alpine 3.18.6)

Release 2.3.22

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.22 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.22 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.22 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.21

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.21 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.21 (alpine 3.18.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.21 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.20

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.20 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.20 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.20 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.20 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.20 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.20 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.1.3-r0	3.1.4-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.21.1	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.21.1	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45288	stdlib	HIGH	1.21.1	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.21.1	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.20 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.19

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.19 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.19 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.19 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.19 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.19 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.19 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.19 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.18

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.18 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.18 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.18 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.18 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.18 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.18 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.11-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.18 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.17

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.17 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.17 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.17 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.17 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.17 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.17 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.17 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.16

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.16 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.16 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.16 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.16 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.16 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.16 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.16 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.15

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.15 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.15 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.15 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.15 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.15 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.15 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.15 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.14

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.14 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.14 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.14 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.14 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.14 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.14 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.14 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.13

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.13 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.13 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.13 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.13 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.13 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.13 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.13 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.12

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.12 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.12 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.12 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.12 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.12 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.12 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.12 (alpine 3.17.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.11

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.11 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.11 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.11 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.11 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.11 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.25+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.11 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.10	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.8.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.11 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.10

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.10 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.10 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.10 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.10 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.10 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.10 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-24790	stdlib	CRITICAL	1.19.10	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-39325	stdlib	HIGH	1.19.10	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.10	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.10	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.10	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.10 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.9

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.9 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.9 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.9 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.9 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.9 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.9 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.9 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.8

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.8 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.8 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.8 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.8 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.8 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.8 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.8 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.7

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.7 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.7 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.7 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.7 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.7 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.7 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.7 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.6

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.6 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.6 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.6 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.6 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.6 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.6 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.6 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.5

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.5 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.5 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.5 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.5 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.5 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.5 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.5 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.4

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.4 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.4 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.4 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.4 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.4 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.4 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.4 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.3

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.3 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.3 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.3 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.3 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.3 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.3 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.3 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.2

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.2 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.2 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.2 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.2 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.2 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.2 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.2 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.1

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.1 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.1 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.1 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.1 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.1 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.1 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.1 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.3.0

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.0 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.0 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.0 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.0 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.0 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.9.4	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.0 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.12.3	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.12.3	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20221208171804-952b2e8bc4b0	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.0 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Latest 2.2.x gloo mesh enterprise Release: 2.2.9

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.9 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.9 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.23.7	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.23.7	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.23.7	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.23.7	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.23.7	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.23.7	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.9 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.9 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.9 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.9 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.2.8

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.8 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.8 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.23.7	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.23.7	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.23.7	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.23.7	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.23.7	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.23.7	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.8 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.8 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.8 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.8 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.2.7

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.7 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.7 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.23.7	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.23.7	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.23.7	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.23.7	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.23.7	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.23.7	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.7 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.7 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.7 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.7 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.2.6

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.6 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.6 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.23.7	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.23.7	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.23.7	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.23.7	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.23.7	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.23.7	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.6 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.6 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2023-2253	github.com/docker/distribution	HIGH	v2.8.1+incompatible	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2024-41110	github.com/docker/docker	CRITICAL	v20.10.16+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2023-28840	github.com/docker/docker	HIGH	v20.10.16+incompatible	20.10.24, 23.0.3	https://avd.aquasec.com/nvd/cve-2023-28840
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.6 (alpine 3.16.2)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220606160615-c6abaf5e5fd6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.7	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2023-24534	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.7	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.7	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.7	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.7	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.7	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.7	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.7	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.7	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.6 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.2.5

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.5 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.5 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.5 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.5 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.5 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.5.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.5.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.52.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.5 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.2.4

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.4 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.4 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.4 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.4 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.4 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.4 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libcrypto3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libssl3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.2.3

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.3 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.3 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.3 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.3 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.3 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl1.1	HIGH	1.1.1t-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-41723	golang.org/x/net	HIGH	v0.5.0	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.5.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.3 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libcrypto3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libssl3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.2.2

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.2 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.2 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.2 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.2 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.2 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.2 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libcrypto3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libssl3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.2.1

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.1 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.1 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.1 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.1 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.1 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.1 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libcrypto3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libssl3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.2.0

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.0 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.0 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11243	k8s.io/kubernetes	HIGH	v1.13.0	1.12.5, 1.13.1	https://avd.aquasec.com/nvd/cve-2019-11243
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528
CVE-2024-0793	k8s.io/kubernetes	HIGH	v1.13.0	1.27.0-alpha.1	https://avd.aquasec.com/nvd/cve-2024-0793
CVE-2024-10220	k8s.io/kubernetes	HIGH	v1.13.0	1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-10220
CVE-2024-5321	k8s.io/kubernetes	HIGH	v1.13.0	1.27.16, 1.28.12, 1.29.7, 1.30.3	https://avd.aquasec.com/nvd/cve-2024-5321
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.0 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.0 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.80.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-36621	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	26.0.0	https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	25.0.4	https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2024-21626	github.com/opencontainers/runc	HIGH	v1.1.2	1.1.12	https://avd.aquasec.com/nvd/cve-2024-21626
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2024-26147	helm.sh/helm/v3	HIGH	v3.8.2	3.14.2	https://avd.aquasec.com/nvd/cve-2024-26147
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.0 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2024-28860	github.com/cilium/cilium	HIGH	v1.11.5	1.13.14, 1.14.9, 1.15.3	https://avd.aquasec.com/nvd/cve-2024-28860
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.4.1	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.0.0-20220525230936-793ad666bf5e	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.0.0-20220525230936-793ad666bf5e	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2023-24538	stdlib	CRITICAL	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24538
CVE-2023-24540	stdlib	CRITICAL	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24540
CVE-2024-24790	stdlib	CRITICAL	1.19.4	1.21.11, 1.22.4	https://avd.aquasec.com/nvd/cve-2024-24790
CVE-2022-41722	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41722
CVE-2022-41723	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-41724	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41724
CVE-2022-41725	stdlib	HIGH	1.19.4	1.19.6, 1.20.1	https://avd.aquasec.com/nvd/cve-2022-41725
CVE-2023-24534	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24534
CVE-2023-24536	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24536
CVE-2023-24537	stdlib	HIGH	1.19.4	1.19.8, 1.20.3	https://avd.aquasec.com/nvd/cve-2023-24537
CVE-2023-24539	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-24539
CVE-2023-29400	stdlib	HIGH	1.19.4	1.19.9, 1.20.4	https://avd.aquasec.com/nvd/cve-2023-29400
CVE-2023-29403	stdlib	HIGH	1.19.4	1.19.10, 1.20.5	https://avd.aquasec.com/nvd/cve-2023-29403
CVE-2023-39325	stdlib	HIGH	1.19.4	1.20.10, 1.21.3	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2023-45283	stdlib	HIGH	1.19.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	https://avd.aquasec.com/nvd/cve-2023-45283
CVE-2023-45287	stdlib	HIGH	1.19.4	1.20.0	https://avd.aquasec.com/nvd/cve-2023-45287
CVE-2023-45288	stdlib	HIGH	1.19.4	1.21.9, 1.22.2	https://avd.aquasec.com/nvd/cve-2023-45288
CVE-2024-34156	stdlib	HIGH	1.19.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.0 (alpine 3.16.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Latest 2.1.x gloo mesh enterprise Release: 2.1.5

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.5 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.5 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.5 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.5 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.5 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.5 (alpine 3.17.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libcrypto3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libcrypto3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2022-4450	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0216	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0216
CVE-2023-0217	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0217
CVE-2023-0286	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0401	libssl3	HIGH	3.0.7-r2	3.0.8-r0	https://avd.aquasec.com/nvd/cve-2023-0401
CVE-2023-0464	libssl3	HIGH	3.0.7-r2	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.7-r2	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Release 2.1.4

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.4 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.4 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.4 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.4 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.4 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.4 (alpine 3.16.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release 2.1.3

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.3 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.3 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.3 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.3 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.3 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.3 (alpine 3.16.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release 2.1.2

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.2 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.2 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.2 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.2 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.2 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.2 (alpine 3.16.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release 2.1.1

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.1 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.1 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.1 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.1 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.1 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.1 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Release 2.1.0

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.0 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.0 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253	k8s.io/kubernetes	HIGH	v1.13.0	1.13.12, 1.14.8, 1.15.5, 1.16.2	https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.13.0	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.13.0	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2023-3676	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3676
CVE-2023-3955	k8s.io/kubernetes	HIGH	v1.13.0	1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17	https://avd.aquasec.com/nvd/cve-2023-3955
CVE-2023-5528	k8s.io/kubernetes	HIGH	v1.13.0	1.28.4, 1.27.8, 1.26.11, 1.25.16	https://avd.aquasec.com/nvd/cve-2023-5528

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.0 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2022-37315	github.com/graphql-go/graphql	HIGH	v0.8.0	0.8.1	https://avd.aquasec.com/nvd/cve-2022-37315
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.0 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2021-21272	github.com/deislabs/oras	HIGH	v0.8.1	0.9.0	https://avd.aquasec.com/nvd/cve-2021-21272
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2017-11468	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.7.0-rc.0	https://avd.aquasec.com/nvd/cve-2017-11468
CVE-2023-2253	github.com/docker/distribution	HIGH	v0.0.0-20191216044856-a8371794149d	2.8.2-beta.1	https://avd.aquasec.com/nvd/cve-2023-2253
CVE-2014-9356	github.com/moby/moby	HIGH	v0.7.3-0.20190826074503-38ab9da00309	1.3.3	https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2023-27561	github.com/opencontainers/runc	HIGH	v1.1.1	1.1.5	https://avd.aquasec.com/nvd/cve-2023-27561
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.0 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-29002	github.com/cilium/cilium	HIGH	v1.11.5	1.11.16, 1.12.9, 1.13.2	https://avd.aquasec.com/nvd/cve-2023-29002
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220722155237-a158d28d115b	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20220516185659-202e88863858	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.0 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Security and CVE scan results

Security and CVE scan link

Security and CVE scan