On this page

Security and CVE scan results

Review security and CVE scan results for Solo.io products.

Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.

Security and CVE scan

Latest 2.11.x gloo mesh enterprise Release: 2.11.0

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No scan found

gloo mesh enterprise gloo-mesh-envoy image

No scan found

gloo mesh enterprise gloo-mesh-spire-controller image

No scan found

gloo mesh enterprise gloo-mesh-portal-server image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-ui image

No scan found

gloo mesh enterprise gloo-mesh-analyzer image

No scan found

Latest 2.10.x gloo mesh enterprise Release: 2.10.2

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.2 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.2 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.2 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.2 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.2 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.2 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.2 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.2 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.2 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

Release 2.10.1

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.1 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.1 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.1 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.1 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.1 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.1 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.1 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.1 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.1 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.10.0

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.10.0 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.10.0 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.10.0 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.10.0 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.10.0 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.10.0 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.10.0 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.10.0 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.10.0 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47912	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.6	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.6	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Latest 2.9.x gloo mesh enterprise Release: 2.9.3

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.3 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.3 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.3 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.3 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.3 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.3 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.3 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.3 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.3 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

Release 2.9.2

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.2 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.2 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.2 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.2 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.2 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.2 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.2 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.2 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.9.1

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.1 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.1 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.9.0

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.9.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.9.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.9.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.9.0 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.9.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.9.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.9.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.9.0 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.9.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Latest 2.8.x gloo mesh enterprise Release: 2.8.4

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.4 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.4 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.4 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.4 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.4 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.4 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.4 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.4 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.4 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547

Release 2.8.3

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.3 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.3 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.3 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.3 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.3 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.3 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.3 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.3 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.3 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.8.2

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.2 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.8.1

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.1 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.1 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.1 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.8.0

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.8.0 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.23.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.8	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.8.0 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.8.0 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250411142419-0d83506c2883	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Latest 2.7.x gloo mesh enterprise Release: 2.7.7

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.7 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.7 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.7 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.7 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.7 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.7 (alpine 3.21.5)

No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.7 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.7 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.7 (alpine 3.21.5)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547

Release 2.7.6

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.6 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.6 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.6 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.6 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.6 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.6 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.6 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.6 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.6 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.7.5

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.5 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.5 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.5 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.5 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.5 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.5 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.5 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.5 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.5 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-47907	stdlib	HIGH	1.24.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.7.4

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.4 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.4 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.4 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.7.3

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.3 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.3 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.3 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.7.2

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.2 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.23.8	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.8	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.8	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.2 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.2 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.7.1

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.1 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.1 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.7.0

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.25.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.3	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.25.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.3	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.25.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.3	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.7.0 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	1.23.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.25.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.3	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.25.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.3	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.25.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.3	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.7.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.7.0 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.32.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.25.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.0	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20250212095443-6bd0075edb31	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.3	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.3	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.3	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Latest 2.6.x gloo mesh enterprise Release: 2.6.13

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.13 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.5	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.13 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.5	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.13 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.5	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.13 (ubuntu 24.04)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.13 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.5	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.13 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.5	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.13 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.27	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-47907	stdlib	HIGH	1.24.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.5	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.13 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.13 (alpine 3.21.4)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.24.5	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.5	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.5	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.12

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.12 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.12 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.12 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.11

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.11 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.24	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.11 (alpine 3.21.3)

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.11 (alpine 3.21.3)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.17.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2025-22874	stdlib	HIGH	1.24.2	1.24.4	https://avd.aquasec.com/nvd/cve-2025-22874
CVE-2025-47907	stdlib	HIGH	1.24.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.24.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.24.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.10

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.10 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.10 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.10 (alpine 3.18.12)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.23.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.9

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.9 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	1.23.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.9 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.9 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.8

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.8 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	1.23.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.8 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.8 (alpine 3.18.11)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.7

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.7 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.27.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.27.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.23.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	1.23.2	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.23.2	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.23.2	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.7 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.7 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v27.0.3+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.31.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.6

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.1	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.6 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.6 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.5

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.5 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.5 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.5 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.4

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.4 (ubuntu 24.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-32462	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32462
CVE-2025-32463	sudo	HIGH	1.9.15p5-3ubuntu5	1.9.15p5-3ubuntu5.24.04.1	https://avd.aquasec.com/nvd/cve-2025-32463

Vulnerabilities Listed for usr/local/bin/pilot-agent

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v26.1.4+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.24.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.24.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.21.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-47907	stdlib	HIGH	1.22.7	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.7	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.7	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.4 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.4 (alpine 3.18.9)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.3

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.3 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-spire-controller image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.3 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.3 (alpine 3.18.8)

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.2

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.2 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.2 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.1

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.1 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.1 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Release 2.6.0

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2025-30204	github.com/golang-jwt/jwt/v5	HIGH	v5.2.0	5.2.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-envoy image

No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.0 (ubuntu 20.04)

gloo mesh enterprise gloo-mesh-spire-controller image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-portal-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-25621	github.com/containerd/containerd	HIGH	v1.7.12	1.7.29	https://avd.aquasec.com/nvd/cve-2024-25621
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30153	github.com/getkin/kin-openapi	HIGH	v0.107.0	0.131.0	https://avd.aquasec.com/nvd/cve-2025-30153
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.4-r5	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

gloo mesh enterprise gloo-mesh-analyzer image

Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.0 (alpine 3.18.8)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-6119	libcrypto3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
CVE-2024-6119	libssl3	HIGH	3.1.6-r0	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-41110	github.com/docker/docker	CRITICAL	v25.0.5+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	https://avd.aquasec.com/nvd/cve-2024-41110
CVE-2025-30204	github.com/golang-jwt/jwt/v4	HIGH	v4.5.0	4.5.2	https://avd.aquasec.com/nvd/cve-2025-30204
CVE-2024-45337	golang.org/x/crypto	CRITICAL	v0.25.0	0.31.0	https://avd.aquasec.com/nvd/cve-2024-45337
CVE-2025-22869	golang.org/x/crypto	HIGH	v0.25.0	0.35.0	https://avd.aquasec.com/nvd/cve-2025-22869
CVE-2025-22868	golang.org/x/oauth2	HIGH	v0.20.0	0.27.0	https://avd.aquasec.com/nvd/cve-2025-22868
CVE-2025-53547	helm.sh/helm/v3	HIGH	v3.14.3	3.18.4, 3.17.4	https://avd.aquasec.com/nvd/cve-2025-53547
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20240511025857-aaf597fbfae6	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2024-34156	stdlib	HIGH	1.22.4	1.22.7, 1.23.1	https://avd.aquasec.com/nvd/cve-2024-34156
CVE-2025-47907	stdlib	HIGH	1.22.4	1.23.12, 1.24.6	https://avd.aquasec.com/nvd/cve-2025-47907
CVE-2025-47912	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-47912
CVE-2025-58183	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58183
CVE-2025-58186	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58186
CVE-2025-58187	stdlib	HIGH	1.22.4	1.24.9, 1.25.3	https://avd.aquasec.com/nvd/cve-2025-58187
CVE-2025-58188	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-58188
CVE-2025-61724	stdlib	HIGH	1.22.4	1.24.8, 1.25.2	https://avd.aquasec.com/nvd/cve-2025-61724

Security and CVE scan results

Security and CVE scan link

Security and CVE scan