github.com/envoyproxy/envoy vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-26330Mediumgithub.com/envoyproxy/envoy: Envoy's global rate limit may crash when the response phase limit is enabled and the response phase…CVE-2026-26311Mediumgithub.com/envoyproxy/envoy: Envoy: HTTP - filter chain execution on reset streams causing UAF crashCVE-2026-26309Mediumgithub.com/envoyproxy/envoy: Envoy affected by off-by-one write in JsonEscaper::escapeString()CVE-2026-26308Highgithub.com/envoyproxy/envoy: Envoy has RBAC Header Validation Bypass via Multi-Value Header ConcatenationCVE-2026-26310Mediumgithub.com/envoyproxy/envoy: Envoy vulnerable to crash for scoped ip address during DNSCVE-2025-66220Mediumgithub.com/envoyproxy/envoy: Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat…CVE-2025-64763Lowgithub.com/envoyproxy/envoy: Envoy forwards early CONNECT data in TCP proxy modeCVE-2025-64527Mediumgithub.com/envoyproxy/envoy: Envoy crashes when JWT authentication is configured with the remote JWKS fetchingCVE-2025-54588Highgithub.com/envoyproxy/envoy: Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faultsCVE-2025-30157Mediumgithub.com/envoyproxy/envoy: Envoy crashes when HTTP ext_proc processes local repliesCVE-2019-9901Criticalgithub.com/envoyproxy/envoy: EnvoyProxy Envoy Missing HTTP URL path normalization

Stop the waste.
Protect your environment with Kodem.