{"package":"istio.io/istio","ecosystem":"go","latest_version":"v0.0.0-20260502185226-0424593ecc7a","description":"","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/istio.io/istio","repository":"","downloads_weekly":0,"health":{"score":34,"risk":"critical","breakdown":{"maintenance":25,"popularity":0,"security":0,"maturity":9,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":10,"critical":0,"high":6,"medium":4,"low":0,"details":[{"vuln_id":"CVE-2019-12243","severity":"high","summary":"Istio may not check inbound TCP connections against istio-policy","affected_versions":">=1.1.0,<1.1.7","fixed_version":"1.1.7","source":"osv","published_at":"2022-02-15T01:57:18Z","in_kev":false,"epss_prob":0.00122,"epss_percentile":0.30832,"threat_tier":"theoretical"},{"vuln_id":"CVE-2021-39155","severity":"high","summary":"Authorization Policy Bypass Due to Case Insensitive Host Comparison","affected_versions":"<1.9.8|>=1.10.0,<1.10.4|>=1.11.0,<1.11.1|=1.11.0","fixed_version":"1.11.1","source":"osv","published_at":"2021-08-30T16:15:56Z","in_kev":false,"epss_prob":0.00171,"epss_percentile":0.38064,"threat_tier":"theoretical"},{"vuln_id":"CVE-2020-16844","severity":"medium","summary":"Authorization bypass in Istio","affected_versions":">=1.5.0,<1.5.9|>=1.6.0,<1.6.8","fixed_version":"1.6.8","source":"osv","published_at":"2022-02-15T01:57:18Z","in_kev":false,"epss_prob":0.00284,"epss_percentile":0.51721,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-23635","severity":"high","summary":"Unauthenticated control plane denial of service attack in 
Istio","affected_versions":">=1.13.0,<1.13.1|>=1.12.0,<1.12.4|<1.11.7|=1.13.0","fixed_version":"1.11.7","source":"osv","published_at":"2022-02-23T14:59:08Z","in_kev":false,"epss_prob":0.00679,"epss_percentile":0.7165,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-39350","severity":"medium","summary":"Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots","affected_versions":">=0.0.0-20241024090207-0bf27d49ba4b,<0.0.0-20260403004500-692e460c342d","fixed_version":"0.0.0-20260403004500-692e460c342d","source":"osv","published_at":"2026-04-16T20:44:46Z","in_kev":false,"epss_prob":0.0001,"epss_percentile":0.01137,"threat_tier":"theoretical"},{"vuln_id":"GHSA-fgw5-hp8f-xfhc","severity":"medium","summary":"Istio: SSRF via RequestAuthentication jwksUri","affected_versions":"<0.0.0-20260410004459-189832a289c1","fixed_version":"0.0.0-20260410004459-189832a289c1","source":"osv","published_at":"2026-04-16T21:38:09Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2021-39156","severity":"high","summary":"Istio Fragments in Path May Lead to Authorization Policy Bypass","affected_versions":"<1.9.8|>=1.10.0,<1.10.4|>=1.11.0,<1.11.1|=1.11.0","fixed_version":"1.11.1","source":"osv","published_at":"2021-08-30T16:16:14Z","in_kev":false,"epss_prob":0.00236,"epss_percentile":0.46422,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-14993","severity":"high","summary":"Istio ReDoS Vulnerability","affected_versions":"<1.1.13|>=1.2.0,<1.2.4","fixed_version":"1.2.4","source":"osv","published_at":"2022-05-24T16:53:16Z","in_kev":false,"epss_prob":0.00652,"epss_percentile":0.70975,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-18817","severity":"high","summary":"Istio vulnerable to denial of 
service","affected_versions":">=1.3.0,<1.3.5","fixed_version":"1.3.5","source":"osv","published_at":"2022-05-24T22:01:14Z","in_kev":false,"epss_prob":0.00536,"epss_percentile":0.67554,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-31045","severity":"medium","summary":"Ill-formed headers may lead to unexpected behavior in Istio","affected_versions":"<1.12.18|>=1.13.0,<1.13.5|>=1.14.0,<1.14.1","fixed_version":"1.14.1","source":"osv","published_at":"2022-06-10T19:53:55Z","in_kev":false,"epss_prob":0.00339,"epss_percentile":0.56631,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v0.0.0-20260502185226-0424593ecc7a","total_count":0,"recent":[]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-05-02T18:52:26Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Moderate health score (34/100) — verify manually","6 high severity vulnerabilities"],"use_version":"v0.0.0-20260502185226-0424593ecc7a","version_hint":"Update to >= 1.14.1 to fix known vulnerabilities that have tagged-release fixes; CVE-2026-39350 and GHSA-fgw5-hp8f-xfhc list pseudo-version fixes, so check those two separately","summary":"istio.io/istio@v0.0.0-20260502185226-0424593ecc7a has vulnerabilities — update to latest"},"version_scoped":null,"_meta":{"endpoint":"check","tier":"full","philosophy":"DepScope is free. 
Use the cheapest endpoint that answers your real question.","cheaper_alternatives":[{"endpoint":"/api/exists/go/istio.io%2Fistio","tokens_estimated":12,"use_when":"you only need to know if the package exists (hallucination guard)"},{"endpoint":"/api/health/go/istio.io%2Fistio","tokens_estimated":80,"use_when":"you only need a 0-100 score for go/no-go (>=70 = safe)"},{"endpoint":"/api/prompt/go/istio.io%2Fistio","tokens_estimated":280,"use_when":"you want a plain-text LLM-friendly brief instead of JSON"},{"endpoint":"POST /api/check_bulk","tokens_estimated":60,"use_when":"you have 5+ packages to check; sends one round-trip instead of N"}],"docs":"https://depscope.dev/integrate","hint_bulk":"You've called /api/check 7 times in 60s. Save bandwidth + tokens with POST /api/check_bulk (1 round-trip for N pkgs)."},"requested_version":null,"_cache":"miss","_response_ms":487,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":1,"first_release_age_days":null,"last_release_days_ago":1,"avg_days_between_releases":null,"release_velocity":"active"}}