envoyproxy Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by envoyproxy
Credential Exposure in Envoy Gateway by Envoy Proxy Lua Scripts
CVE-2026-22771 | Envoyproxy | Gateway | 8.8 | HIGH

Use-After-Free Vulnerability in Envoy Proxy by Envoy Project
CVE-2025-54588 | Envoyproxy | Envoy | 7.5 | HIGH

Service Proxy Vulnerability in Envoy by Envoy Proxy
CVE-2025-30157 | Envoyproxy | Envoy | 7.5 | HIGH

Path Traversal Vulnerability in Envoy Gateway by EnvoyProxy
CVE-2025-24030 | Envoyproxy | Gateway | 7.1 | HIGH

Cloud-Native Edge Proxy Vulnerability Affecting Envoy by EnvoyProxy
CVE-2024-34363 | Envoyproxy | Envoy | 7.5 | HIGH

Denial of Service Vulnerability in Envoy's HTTP/2 Protocol Stack
CVE-2024-27919 | Envoyproxy | Envoy | EPSS 19% | 7.5 | HIGH

Envoy Proxy Crashes Due to Timing Issues
CVE-2024-23322 | envoyproxy | envoy | 7.5 | HIGH

Envoy Edge/Middle/Service Proxy Vulnerability
CVE-2024-23324 | envoyproxy | envoy | 7.5 | HIGH

Envoy Crashes in Proxy Protocol with IPv6 Addresses
CVE-2024-23325 | Envoyproxy | Envoy | 7.5 | HIGH

Envoy Proxy Segfaults with PPv2 and LOCAL Requests
CVE-2024-23327 | Envoyproxy | Envoy | 7.5 | HIGH

Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes
CVE-2023-35944 | Envoyproxy | Envoy | 8.2 | HIGH

Envoy vulnerable to OAuth2 credentials exploit with permanent validity
CVE-2023-35941 | Envoyproxy | Envoy | 8.6 | HIGH

Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec
CVE-2023-35945 | Envoyproxy | Envoy | 7.5 | HIGH

Envoy doesn't escape HTTP header values
CVE-2023-27493 | Envoyproxy | Envoy | 8.1 | HIGH

Envoy client may fake the header `x-envoy-original-path`
CVE-2023-27487 | Envoyproxy | Envoy | 8.2 | HIGH

Use after free in Envoy
CVE-2022-29227 | Envoyproxy | Envoy | 7.5 | HIGH

Trivial authentication bypass in Envoy
CVE-2022-29226 | Envoyproxy | Envoy | 10 | CRITICAL

Reachable assertion in Envoy
CVE-2022-29228 | Envoyproxy | Envoy | 7.5 | HIGH

Zip bomb vulnerability in Envoy
CVE-2022-29225 | Envoyproxy | Envoy | 7.5 | HIGH

Crash when tunneling TCP over HTTP in Envoy
CVE-2021-43826 | Envoyproxy | Envoy | 7.5 | HIGH

Incorrect handling of internal redirects results in crash in Envoy
CVE-2022-21655 | Envoyproxy | Envoy | 7.5 | HIGH

Incorrect configuration handling allows TLS session re-use without re-validation in Envoy
CVE-2022-21654 | Envoyproxy | Envoy | 7.4 | HIGH

X.509 subjectAltName matching bypass in Envoy
CVE-2022-21656 | Envoyproxy | Envoy | 7.4 | HIGH

Null pointer dereference in envoy
CVE-2021-43824 | Envoyproxy | Envoy | 7.5 | HIGH

Incorrect handling of H/2 GOAWAY followed by SETTINGS frames
CVE-2021-32780 | Envoyproxy | Envoy | 8.6 | HIGH