Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how envoy compares to other vendors in security performance

View Risk Score →

Envoy EnvoyEnvoy Query Parameter header_mutation.cc params.add injection

Risk 33
Severity
5.3
EPSS
0.05%
First published (updated )
CVE-2026-6994

Envoyproxy EnvoyEnvoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte

Risk 48
Severity
7.1
First published (updated )
CVE-2025-66220

Envoyproxy EnvoyEnvoy forwards early CONNECT data in TCP proxy mode

Risk 27
Severity
5.3
First published (updated )
CVE-2025-64763

Envoyproxy EnvoyEnvoy crashes when JWT authentication is configured with the remote JWKS fetching

Risk 38
Severity
6.5
First published (updated )
CVE-2025-64527

Envoyproxy EnvoyEnvoy Lua filter use-after-free when oversized rewritten response body causes crash

Risk 43
Severity
7.5
First published (updated )
CVE-2025-62504
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Envoyproxy EnvoyEnvoy allows large requests and responses to cause TCP connection pool crash

Risk 43
Severity
7.5
First published (updated )
CVE-2025-62409

Envoyproxy EnvoyEnvoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag

Risk 79
Severity
8.8
First published (updated )
CVE-2025-55162

Envoyproxy EnvoyEnvoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults

Risk 43
Severity
7.5
First published (updated )
CVE-2025-54588

Envoyproxy EnvoyEnvoy vulnerable to bypass of RBAC uri_template permission

Risk 19
Severity
5.3
EPSS
0.10%
First published (updated )
CVE-2025-46821

go/github.com/envoyproxy/envoyEnvoy crashes when HTTP ext_proc processes local replies

Risk 31
Severity
7.5
EPSS
0.00%
First published (updated )
CVE-2025-30157
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

go/github.com/envoyproxy/gatewayEnvoy Gateway Log Injection Vulnerability

Risk 19
Severity
5.3
EPSS
0.12%
First published (updated )
CVE-2025-25294

go/github.com/envoyproxy/gatewayEnvoy Admin Interface Exposed through prometheus metrics endpoint

Risk 35
Severity
7.1
EPSS
0.04%
First published (updated )
CVE-2025-24030

Envoy Envoy ProxyNull Pointer Dereference

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2333091

Envoyproxy EnvoyHTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy

Risk 49
Severity
7.1
First published (updated )
CVE-2024-53271

Envoyproxy EnvoyHTTP/1: sending overload crashes when the request is reset beforehand in envoy

Risk 45
Severity
7.5
First published (updated )
CVE-2024-53270
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Envoyproxy EnvoyHappy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy

Risk 45
Severity
7.5
First published (updated )
CVE-2024-53269

Envoy Envoy ProxyEnvoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http a…

Risk 18
Severity
4
First published (updated )
REDHAT-BUG-2313687

Envoy EnvoyEnvoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identif…

Risk 18
Severity
4
First published (updated )
REDHAT-BUG-2313685

Envoy Envoy ProxyEnvoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envo…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2313683

Envoy EnvoyUpload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x

Risk 72
Severity
8.6
First published (updated )
CVE-2024-21881
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Envoy EnvoyA flaw was found in Envoy. It is possible to modify/manipulate headers from external clients when pa…

Risk 32
Severity
7
First published (updated )
REDHAT-BUG-2300352

Envoyproxy EnvoyEnvoy Proxy use after free when route hash policy is configured with cookie attributes

Risk 66
Severity
9.1
First published (updated )
CVE-2024-39305

Envoy security releases [1.29.3, 1.28.2, 1.27.4, 1.26.8] are now available

First published (updated )
https://seclists.org/oss-sec/2024/q2/37

Envoyproxy EnvoyHTTP/2: memory exhaustion due to CONTINUATION frame flood

Risk 43
Severity
7.5
First published (updated )
CVE-2024-27919

CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations

First published (updated )
https://seclists.org/oss-sec/2023/q4/75
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Envoy EnvoyIf origin header is configured to be removed with request_headers_to_remove: origin, CORS filter wil…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2217987

Envoy EnvoyIf Envoy is running with the OAuth filter enabled exposed, a malicious actor could construct a reque…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2182155

Envoy EnvoyThe header x-envoy-original-path should be an internal header, but Envoy does not remove this heade…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2179135

Envoy EnvoyA flaw was found in Envoy 1.9.0 and older. Envoy does not normalize HTTP URL paths. A remote attacke…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-1698025

Envoy EnvoyA flaw was found in Envoy 1.9.0 and older. When parsing HTTP/1.x header values, Envoy does not rejec…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-1698020
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203