diff --git a/content/en/news/releases/1.16.x/announcing-1.16.7/index.md b/content/en/news/releases/1.16.x/announcing-1.16.7/index.md index a91708387a..645f200d86 100644 --- a/content/en/news/releases/1.16.x/announcing-1.16.7/index.md +++ b/content/en/news/releases/1.16.x/announcing-1.16.7/index.md @@ -17,7 +17,7 @@ This is the last release of Istio 1.16. ## Security update -- __CVE-2023-35941__: (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity. -- __CVE-2023-35942__: (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining. -- __CVE-2023-35943__: (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed. -- __CVE-2023-35944__: (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy. +- __[CVE-2023-35941](https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55)__: (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity. +- __[CVE-2023-35942](https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4)__: (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining. +- __[CVE-2023-35943](https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq)__: (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed. +- __[CVE-2023-35944](https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g)__: (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy. diff --git a/content/en/news/releases/1.17.x/announcing-1.17.5/index.md b/content/en/news/releases/1.17.x/announcing-1.17.5/index.md index 507e46619a..ed83b4229e 100644 --- a/content/en/news/releases/1.17.x/announcing-1.17.5/index.md +++ b/content/en/news/releases/1.17.x/announcing-1.17.5/index.md 
@@ -15,7 +15,7 @@ This release note describes what’s different between Istio 1.17.4 and 1.17.5. ## Security update -- __CVE-2023-35941__: (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity. -- __CVE-2023-35942__: (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining. -- __CVE-2023-35943__: (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed. -- __CVE-2023-35944__: (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy. +- __[CVE-2023-35941](https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55)__: (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity. +- __[CVE-2023-35942](https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4)__: (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining. +- __[CVE-2023-35943](https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq)__: (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed. +- __[CVE-2023-35944](https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g)__: (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy. diff --git a/content/en/news/releases/1.18.x/announcing-1.18.2/index.md b/content/en/news/releases/1.18.x/announcing-1.18.2/index.md index c538aabab7..5f43f0b63d 100644 --- a/content/en/news/releases/1.18.x/announcing-1.18.2/index.md +++ b/content/en/news/releases/1.18.x/announcing-1.18.2/index.md 
@@ -15,10 +15,10 @@ This release note describes what’s different between Istio 1.18.1 and 1.18.2. ## Security update -- __CVE-2023-35941__: (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity. -- __CVE-2023-35942__: (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining. -- __CVE-2023-35943__: (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed. -- __CVE-2023-35944__: (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy. +- __[CVE-2023-35941](https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55)__: (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity. +- __[CVE-2023-35942](https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4)__: (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining. +- __[CVE-2023-35943](https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq)__: (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed. +- __[CVE-2023-35944](https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g)__: (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy. ## Changes diff --git a/content/en/news/security/istio-security-2023-003/index.md b/content/en/news/security/istio-security-2023-003/index.md index 07ae74fb24..8ae4c1fb3d 100644 --- a/content/en/news/security/istio-security-2023-003/index.md +++ b/content/en/news/security/istio-security-2023-003/index.md 
@@ -3,8 +3,8 @@ title: ISTIO-SECURITY-2023-003 subtitle: Security Bulletin description: CVEs reported by Envoy. cves: [CVE-2023-35941,CVE-2023-35942,CVE-2023-35943,CVE-2023-35944] -cvss: "7.5" -vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" +cvss: "8.6" +vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" releases: ["All releases prior to 1.16.0", "1.16.0 to 1.16.6", "1.17.0 to 1.17.4", "1.18.0 to 1.18.1"] publishdate: 2023-07-25 keywords: [CVE] @@ -17,10 +17,10 @@ skip_seealso: true ### Envoy CVEs -- __CVE-2023-35941__: (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity. -- __CVE-2023-35942__: (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining. -- __CVE-2023-35943__: (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed. -- __CVE-2023-35944__: (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy. +- __[CVE-2023-35941](https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55)__: (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity. +- __[CVE-2023-35942](https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4)__: (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining. +- __[CVE-2023-35943](https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq)__: (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed. +- __[CVE-2023-35944](https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g)__: (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy. ## Am I Impacted?
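Review bot: In the `announcing-1.16.7/index.md` hunk, the severity label "Moderate" on the CVE-2023-35942 and CVE-2023-35943 lines does not match the CVSS v3.1 qualitative scale, which names the 4.0-6.9 band "Medium"; since the new advisory links point readers at the Envoy GHSA pages that use the CVSS terminology, consider changing "Moderate" to "Medium" in the four rewritten lines (the same wording is carried into the 1.17.5, 1.18.2 and bulletin hunks). While touching these lines, the doubled colon in `__[CVE-2023-35941](...)__: (CVSS Score 8.6, High): OAuth2 ...` could be reduced to a single separator.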
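Review bot: In the `istio-security-2023-003/index.md` front-matter hunk, the new `cvss: "8.6"` and `vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"` are internally consistent (that vector scores 8.6 under CVSS v3.1) and correspond to the highest-scoring entry in the `cves:` list, CVE-2023-35941, whereas the previous `7.5` / `C:N/I:N/A:H` pair did not match any of the four scores listed in the body. Since the bulletin aggregates four CVEs with scores from 6.3 to 8.6, it would help readers to state in the bulletin text that the headline score and vector are those of CVE-2023-35941, so the 8.6 is not read as applying to all four issues.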
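Review bot: In the `### Envoy CVEs` hunk of `istio-security-2023-003/index.md`, the four-line CVE list is now duplicated verbatim, links included, across four files (the three release notes and this bulletin); the `cves:` front-matter list already names the same four identifiers, so if the release notes can reference the bulletin section rather than restating it, a future correction to a score or GHSA link only has to be made once. If the copies are intentional, please double-check that all four GHSA slugs are identical in every file before merge, since a single mistyped slug would silently point one release note at the wrong advisory.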