envoy-gateway

Direct Vulnerabilities

Known vulnerabilities in the envoy-gateway package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-jpcc-p29g-p8mq	<1.8.1-r2
L GHSA-xhf5-7wjv-pqxp	<1.8.1-r2
L CVE-2026-53488	<1.8.1-r2
L CVE-2026-47262	<1.8.1-r2
L GHSA-h524-452v-82p9	<1.8.0-r3
L CVE-2026-42504	<1.8.0-r3
L CVE-2026-27145	<1.8.0-r3
L CVE-2026-42507	<1.8.0-r3
L GHSA-h3gm-q7m7-mp28	<1.8.0-r3
L GHSA-4279-q6mj-392r	<1.8.0-r3
L GHSA-fqw6-gf59-qr4w	<1.8.0-r1
L CVE-2026-46680	<1.8.0-r1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1.7.3-r0
C SQL Injection	<1.7.2-r7
L GHSA-j88v-2chj-qfwx	<1.7.2-r7
L GHSA-hr2v-4r36-88hr	<1.7.2-r6
M Directory Traversal	<1.7.2-r6
L GHSA-6pjf-3r9x-m592	<1.7.2-r5
M Incorrect Authorization	<1.7.2-r5
L GHSA-pc3f-x583-g7j2	<1.7.2-r4
H Untrusted Search Path	<1.7.2-r2
L Allocation of Resources Without Limits or Throttling	<1.7.2-r4
L Uncontrolled Memory Allocation	<1.7.2-r4
L GHSA-hfvc-g4fc-pqhx	<1.7.2-r2
L GHSA-w8rr-5gcm-pp58	<1.7.2-r4
C CVE-2026-27143	<1.7.2-r0
L GHSA-cfp9-33rc-j74f	<1.7.2-r0
M Allocation of Resources Without Limits or Throttling	<1.7.2-r0
L GHSA-x4jj-h2v8-hqqv	<1.7.2-r0
L GHSA-jrg3-gfjw-hm96	<1.7.2-r0
L GHSA-m4pr-4j3g-9v7v	<1.7.2-r0
L CVE-2026-32280	<1.7.2-r0
L GHSA-7mr4-xjxg-34g6	<1.7.2-r0
L GHSA-gjvh-7jh8-7xhm	<1.7.2-r0
M Cross-site Scripting (XSS)	<1.7.2-r0
H Improper Certificate Validation	<1.7.2-r0
H Access of Resource Using Incompatible Type ('Type Confusion')	<1.7.2-r0
L CVE-2026-33816	<1.7.2-r1
H Incorrect Authorization	<1.7.2-r0
H Allocation of Resources Without Limits or Throttling	<1.7.2-r0
L GHSA-9jj7-4m8r-rfcm	<1.7.2-r1
L GHSA-5w89-2c2x-6x66	<1.7.2-r0
L GHSA-cqrx-3m42-5p5w	<1.7.2-r0
L Server-Side Request Forgery (SSRF)	<1.7.1-r3
L GHSA-3p65-76g6-3w7r	<1.7.1-r3
L GHSA-f2g3-hh2r-cwgc	<1.7.1-r3
L Improper Access Control	<1.7.1-r3
L GHSA-78h2-9frx-2jm8	<1.7.1-r2
L Uncaught Exception	<1.7.1-r2
L GHSA-p77j-4mvh-x3m3	<1.7.1-r1
L Improper Authorization	<1.7.1-r1
L Untrusted Search Path	<1.7.0-r2
L GHSA-m6hq-p25p-ffr2	<1.5.4-r1
L GHSA-557j-xg8c-q2mm	<1.4.2-r1
L GHSA-fv92-fjc5-jj9h	<1.4.1-r2
L CVE-2025-22872	<1.3.2-r3
L GHSA-vvgc-356p-c3xw	<1.3.2-r3
L CVE-2025-47914	<1.6.0-r1
L GHSA-fw7p-63qq-7hpr	<1.7.0-r1
L Allocation of Resources Without Limits or Throttling	<1.5.0-r3
L GHSA-j777-63hf-hx76	<1.2.6-r0
L Unprotected Primary Channel	<1.2.6-r0
L CVE-2025-4673	<1.4.1-r1
L GHSA-62jj-gr2r-5c34	<1.4.1-r1
H Incorrect Execution-Assigned Permissions	<1.5.4-r1
L Allocation of Resources Without Limits or Throttling	<1.5.0-r1
L GHSA-f6x5-jh6r-wrfv	<1.6.0-r1
L GHSA-cgrx-mc8f-2prm	<1.7.0-r0
L GHSA-265r-hfxg-fhmg	<1.3.1-r2
L CVE-2025-22871	<1.3.2-r1
H Integer Overflow or Wraparound	<1.3.1-r2
L Use of Uninitialized Resource	<1.5.0-r1
L GHSA-w32m-9786-jp63	<1.2.4-r1
L GHSA-9h84-qmv7-982p	<1.5.0-r1
L GHSA-g9pc-8g42-g6vq	<1.3.2-r1
H Arbitrary Code Injection	<1.4.2-r1
L GHSA-9h8m-3fm2-qjrq	<1.7.0-r2
L CVE-2024-45338	<1.2.4-r1
L CVE-2025-22874	<1.4.1-r1
M Memory Leak	<1.5.4-r1
L CVE-2025-22870	<1.3.1-r1
L CVE-2025-22866	<1.3.0-r1
L GHSA-3whm-j4xm-rv8x	<1.3.0-r1
L GHSA-pwhc-rpq9-4c8w	<1.5.4-r1
L GHSA-qxp5-gwg8-xv66	<1.3.1-r1
L GHSA-6f52-wpx2-hvf2	<1.4.1-r1
H Symlink Following	<1.7.0-r0
L CVE-2025-58181	<1.6.0-r1
L GHSA-jc7w-c686-c4v9	<1.5.0-r3
L GHSA-j5w8-q4qc-rx2x	<1.6.0-r1
L GHSA-v778-237x-gjrc	<1.2.3-r1
L GHSA-f9f8-9pmf-xv68	<1.5.0-r1
L Improper Initialization	<1.7.0-r1
L CVE-2024-45337	<1.2.3-r1

Vulnerability

Vulnerable Version

GHSA-jpcc-p29g-p8mq

<1.8.1-r2