envoyproxy Envoy Vulnerabilities
Envoyproxy Envoy vulnerabilities.
| CVE | Vendor | Product | Score | Severity | EPSS | Title |
|---|---|---|---|---|---|---|
| CVE-2025-55162 | Envoyproxy | Envoy | 6.3 | MEDIUM | | Session Expiration Flaw in Envoy Proxy by Envoy |
| CVE-2025-54588 | Envoyproxy | Envoy | 7.5 | HIGH | | Use-After-Free Vulnerability in Envoy Proxy by Envoy Project |
| CVE-2025-46821 | Envoyproxy | Envoy | 5.3 | MEDIUM | | Envoy Proxy URI Path Validation Issue in Envoy Proxy |
| CVE-2025-30157 | Envoyproxy | Envoy | 7.5 | HIGH | | Service Proxy Vulnerability in Envoy by Envoy Proxy |
| CVE-2024-39305 | Envoyproxy | Envoy | 6.5 | MEDIUM | | Arbitrary Memory Access Vulnerability in Envoy Due to Freed Memory Reference |
| CVE-2024-32974 | Envoyproxy | Envoy | 5.9 | MEDIUM | | Use-After-Free Crash in EnvoyQuicServerStream |
| CVE-2024-34363 | Envoyproxy | Envoy | 7.5 | HIGH | | Cloud-Native Edge Proxy Vulnerability Affecting Envoy by EnvoyProxy |
| CVE-2024-34364 | Envoyproxy | Envoy | 5.7 | MEDIUM | | Envoy Exposes Out-of-Memory Vulnerability in Mirror Response |
| CVE-2024-30255 | Envoyproxy | Envoy | 5.3 | MEDIUM | 91% | Envoy HTTP/2 Protocol Vulnerable to CPU Exhaustion Due to CONTINUATION Frame Flood |
| CVE-2024-23322 | envoyproxy | envoy | 7.5 | HIGH | | Envoy Proxy Crashes Due to Timing Issues |
| CVE-2024-23323 | envoyproxy | envoy | 5.3 | MEDIUM | | Envoy Addresses High CPU Usage and Increased Request Latency Issue with Regular Expressions |
| CVE-2024-23324 | envoyproxy | envoy | 7.5 | HIGH | | Envoy Edge/Middle/Service Proxy Vulnerability |
| CVE-2024-23325 | Envoyproxy | Envoy | 7.5 | HIGH | | Envoy Crashes in Proxy Protocol with IPv6 Addresses |
| CVE-2024-23327 | Envoyproxy | Envoy | 7.5 | HIGH | | Envoy Proxy Segfaults with PPv2 and LOCAL Requests |
| CVE-2023-35942 | Envoyproxy | Envoy | 6.5 | MEDIUM | | Envoy's gRPC access log crash caused by the listener draining |
| CVE-2023-35943 | Envoyproxy | Envoy | 6.3 | MEDIUM | | Envoy vulnerable to CORS filter segfault when origin header is removed |
| CVE-2023-35944 | Envoyproxy | Envoy | 8.2 | HIGH | | Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes |
| CVE-2023-35941 | Envoyproxy | Envoy | 8.6 | HIGH | | Envoy vulnerable to OAuth2 credentials exploit with permanent validity |
| CVE-2023-35945 | Envoyproxy | Envoy | 7.5 | HIGH | | Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec |
| CVE-2023-27493 | Envoyproxy | Envoy | 8.1 | HIGH | | Envoy doesn't escape HTTP header values |
| CVE-2023-27496 | Envoyproxy | Envoy | 6.5 | MEDIUM | | Envoy may crash when a redirect url without a state param is received in the oauth filter |
| CVE-2023-27491 | Envoyproxy | Envoy | 5.4 | MEDIUM | | Envoy forwards invalid Http2/Http3 downstream headers |
| CVE-2023-27492 | Envoyproxy | Envoy | 4.8 | MEDIUM | | Envoy may crash when a large request body is processed in Lua filter |
| CVE-2023-27488 | Envoyproxy | Envoy | 5.4 | MEDIUM | | Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. |
| CVE-2023-27487 | Envoyproxy | Envoy | 8.2 | HIGH | | Envoy client may fake the header `x-envoy-original-path` |