pkg:Go/github.com/cilium/cilium
62 total CVEsHIGH13MEDIUM41LOW8
✅ Check your installed version
All known vulnerabilities
- from 0, < 1.9.16, >= 1.10.0, < 1.10.11, >= 1.11.0, < 1.11.5
- >= 1.11.0, < 1.11.5
- from 0, < 1.13.14, >= 1.14.0, < 1.14.9, >= 1.15.0, < 1.15.3
- >= 1.4.0, < 1.13.14
- HIGH7.9CVE-2026-41520Cillium exposes sensitive information included in the cilium-bugtool debug archivefrom 0, < 1.17.15
- >= 1.13.0, < 1.13.17
- >= 1.13.0, < 1.13.17, >= 1.14.0, < 1.14.12, >= 1.15.0, < 1.15.6
- from 0, < 1.9.16, >= 1.10.0, < 1.10.11, >= 1.11.0, < 1.11.5
- >= 1.11.0, < 1.11.5
- >= 1.13.9, < 1.13.13
- >= 1.13.9, < 1.13.13, >= 1.14.0, < 1.14.8, >= 1.15.0, < 1.15.2
- >= 1.7.0, <= 1.10.0
- >= 1.7.0, < 1.11.16, >= 1.12.0, < 1.12.9, >= 1.13.0, < 1.13.2
- >= 1.14.0, < 1.14.2
- from 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
- from 0, < 1.14.14
- from 0, < 1.14.14, >= 1.15.0, < 1.15.8
- >= 1.14.0, < 1.14.19
- >= 1.14.0, < 1.14.19, >= 1.15.0, < 1.15.13, >= 1.16.0, < 1.16.6
- MEDIUM6.5CVE-2023-27595Cilium eBPF filters may be temporarily removed during agent restart in github.com/cilium/cilium>= 1.13.0, < 1.13.1
- MEDIUM6.5CVE-2023-27595Cilium eBPF filters may be temporarily removed during agent restart in github.com/cilium/cilium>= 1.13.0, < 1.13.1
- MEDIUM6.1CVE-2026-26963Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled>= 1.18.0, < 1.18.6
- MEDIUM6.1CVE-2026-26963Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled>= 1.18.0, < 1.18.6
- >= 1.14.0, < 1.14.8
- >= 1.14.0, < 1.14.8, >= 1.15.0, < 1.15.2
- from 0, < 1.13.13
- from 0, < 1.13.13, >= 1.14.0, < 1.14.8, >= 1.15.0, < 1.15.2
- MEDIUM6.1CVE-2024-25631Unencrypted traffic between pods when using Wireguard and an external kvstore>= 1.14.0, < 1.14.7
- MEDIUM6.1CVE-2024-25631Unencrypted traffic between pods when using Wireguard and an external kvstore>= 1.14.0, < 1.14.7
- MEDIUM6.1CVE-2024-25630Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium>= 1.14.0, < 1.14.7
- MEDIUM6.1CVE-2024-25630Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium>= 1.14.0, < 1.14.7
- MEDIUM5.8CVE-2024-52529Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in github.com/cilium/cilium>= 1.16.0, < 1.16.4
- MEDIUM5.8CVE-2024-52529Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in github.com/cilium/cilium>= 1.16.0, < 1.16.4
- from 0, < 1.17.14
- from 0, < 1.17.14, >= 1.18.0, < 1.18.8, >= 1.19.0, < 1.19.2
- MEDIUM5.4CVE-2024-42486Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium>= 1.16.0, < 1.16.1
- MEDIUM5.4CVE-2024-42486Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium>= 1.15.0, < 1.15.8, >= 1.16.0, < 1.16.1
- MEDIUM5.4CVE-2023-39347Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/ciliumfrom 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
- MEDIUM5.4CVE-2023-39347Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium>= 1.13.0, < 1.13.7
- >= 1.14.0, < 1.14.18, >= 1.15.0, < 1.15.12, >= 1.16.0, < 1.16.5
- >= 1.14.0, < 1.14.18
- from 0, < 1.11.16, >= 1.12.0, < 1.12.9, >= 1.13.0, < 1.13.2
- from 0, < 1.11.16
- from 0, < 1.11.15
- MEDIUM4.2CVE-2023-27594Potential network policy bypass when routing IPv6 traffic in github.com/cilium/ciliumfrom 0, < 1.11.15, >= 1.12.0, < 1.12.8, >= 1.13.0, < 1.13.1
- MEDIUM4.2CVE-2023-27594Potential network policy bypass when routing IPv6 traffic in github.com/cilium/ciliumfrom 0, < 1.11.15
- MEDIUM4.0CVE-2025-64715Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic>= 1.18.0, < 1.18.4
- MEDIUM4.0CVE-2025-64715Cilium with misconfigured toGroups in policies can lead to unrestricted egress trafficfrom 0, < 1.16.17, >= 1.17.0, < 1.17.10, >= 1.18.0, < 1.18.4
- MEDIUM4.0CVE-2025-32793In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters>= 1.13.0, < 1.15.16
- MEDIUM4.0CVE-2025-32793In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters>= 1.13.0, < 1.15.16, >= 1.16.0, < 1.16.9, >= 1.17.0, < 1.17.3
- MEDIUM4.0CVE-2024-47825Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present>= 1.15.0, < 1.15.10
- MEDIUM4.0CVE-2024-47825Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present>= 1.14.0, < 1.14.16, >= 1.15.0, < 1.15.10
- >= 1.16.0, < 1.16.1
- >= 1.15.0, < 1.15.8, >= 1.16.0, < 1.16.1
- >= 1.14.0, < 1.14.2
- from 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
- LOW3.4CVE-2025-30163Cilium node based network policies may incorrectly allow workload traffic in github.com/cilium/cilium>= 1.16.0, < 1.16.8, >= 1.17.0, < 1.17.2
- LOW3.4CVE-2025-30163Cilium node based network policies may incorrectly allow workload traffic in github.com/cilium/cilium>= 1.16.0, < 1.16.8
- LOW3.4CVE-2023-34242Cilium vulnerable to information leakage via incorrect ReferenceGrant handling in github.com/cilium/cilium>= 1.13.0, < 1.13.4
- LOW3.4CVE-2023-34242Cilium vulnerable to information leakage via incorrect ReferenceGrant handling in github.com/cilium/cilium>= 1.13.0, < 1.13.4
- LOW3.2CVE-2025-30162Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium>= 1.15.0, < 1.15.15, >= 1.16.0, < 1.16.8, >= 1.17.0, < 1.17.2
- LOW3.2CVE-2025-30162Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium>= 1.16.0, < 1.16.8