Is istio.io/istio safe to use?

istio.io/istio has 10 known vulnerabilities on the latest version (v0.0.0-20260502185226-0424593ecc7a). DepScope rates its health at 34/100 (critical risk).

What is the latest version of istio.io/istio?

The latest version of istio.io/istio is v0.0.0-20260502185226-0424593ecc7a, released 2026-05-02.

Does istio.io/istio have known vulnerabilities?

Yes. istio.io/istio has 10 known vulnerabilities. See depscope.dev/pkg/go/istio.io/istio for details.

Is istio.io/istio deprecated?

No, istio.io/istio is actively maintained. Latest release: v0.0.0-20260502185226-0424593ecc7a (2026-05-02).

What are alternatives to istio.io/istio?

DepScope has no curated alternatives for istio.io/istio at this time.

What license does istio.io/istio use?

istio.io/istio is licensed under Apache-2.0.

istio.io/istio

govv0.0.0-20260502185226-0424593ecc7a

License Apache-2.0permissive0 versions0 deps

/ 100

Health

update required

istio.io/[email protected] has vulnerabilities — update to latest

Update to >= 1.14.1 to fix known vulnerabilities

Moderate health score (34/100) — verify manually
6 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

0/25

security

9/15

maturity

0/15

community

Vulnerabilities

6 high4 medium

Advisories (10)

Severity	ID	Summary	Fixed in
high	CVE-2019-12243	Istio may not check inbound TCP connections against istio-policy	1.1.7
high	CVE-2021-39155	Authorization Policy Bypass Due to Case Insensitive Host Comparison	1.11.1
medium	CVE-2020-16844	Authorization bypass in Istio	1.6.8
high	CVE-2022-23635	Unauthenticated control plane denial of service attack in Istio	1.11.7
medium	CVE-2026-39350	Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots	0.0.0-20260403004500-692e460c342d
medium	GHSA-fgw5-hp8f-xfhc	Istio: SSRF via RequestAuthentication jwksUri	0.0.0-20260410004459-189832a289c1
high	CVE-2021-39156	Istio Fragments in Path May Lead to Authorization Policy Bypass	1.11.1
high	CVE-2019-14993	Istio ReDoS Vulnerability	1.2.4
high	CVE-2019-18817	Istio vulnerable to denial of service	1.3.5
medium	CVE-2022-31045	Ill-formed headers may lead to unexpected behavior in Istio	1.14.1

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/istio.io/istio

Last updated · 2026-05-02T18:52:26Z