PT-2026-45973

These are all security issues fixed in the trivy-0.71.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10941-1 trivy-0.71.0-1.1 on GA media

These are all security issues fixed in the trivy-0.71.0-1.1 package on the GA media of openSUSE Tumbleweed...

Poking around in the Dark: Why a Shared Understanding of Components Matters

By listing the components included in an application, Software Bills of Materials SBOMs are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...

openSUSE 16 Security Update : trivy (openSUSE-SU-2026:20833-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20833-1 advisory. Changes in trivy: - update x/crypto to 0.52.0 bsc1266075, CVE-2026-39827, CVE-2026-39834,CVE-2026-39828,CVE-2026-39829,CVE-2026-39831,...

Security update for trivy (important)

openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20833-1 Rating: important References: bsc1265648 bsc1266075 Cross-References: CVE-2026-33814 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829...

OPENSUSE-SU-2026:20833-1 Security update for trivy

This update for trivy fixes the following issues: Changes in trivy: - update x/crypto to 0.52.0 bsc1266075, CVE-2026-39827, CVE-2026-39834,CVE-2026-39828,CVE-2026-39829,CVE-2026-39831, CVE-2026-42508,CVE-2026-39833,CVE-2026-39830,CVE-2026-39832,...

Security update for trivy (important)

openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20809-1 Rating: important References: bsc1255366 bsc1258094 bsc1258513 bsc1260193 bsc1260971 bsc1261052 bsc1262389 bsc1262893 bsc1264873...

Security update for trivy (important)

openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20798-1 Rating: important References: bsc1227010 bsc1232948 bsc1234512 bsc1235265 bsc1237618 bsc1239225 bsc1239385 bsc1240466 bsc1241724 bsc1243633...

OPENSUSE-SU-2026:10886-1 trivy-0.70.0-4.1 on GA media

These are all security issues fixed in the trivy-0.70.0-4.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10858-1 trivy-0.70.0-3.1 on GA media

These are all security issues fixed in the trivy-0.70.0-3.1 package on the GA media of openSUSE Tumbleweed...

GHSA-M7CR-M3PV-HGRP vulnerabilities

Vulnerabilities for packages: nfpm, crossplane, src-fingerprint, snyk-cli, kaniko, melange, grype, grafana-alloy, gitsign, dagger, steampipe, external-secrets-operator, kargo, scorecard, argo-cd, flux-image-automation-controller, syft, act, tfsec, argocd-image-updater, xeol, kots, k9s,...

GHSA-CRHJ-59GH-8X96 vulnerabilities

Vulnerabilities for packages: nfpm, crossplane, src-fingerprint, snyk-cli, kaniko, melange, grype, grafana-alloy, gitsign, dagger, steampipe, external-secrets-operator, kargo, scorecard, argo-cd, flux-image-automation-controller, syft, act, tfsec, argocd-image-updater, xeol, kots, k9s,...

CVE-2026-45571 vulnerabilities

Vulnerabilities for packages: nfpm, crossplane, src-fingerprint, snyk-cli, kaniko, melange, grype, grafana-alloy, gitsign, dagger, steampipe, external-secrets-operator, kargo, scorecard, argo-cd, flux-image-automation-controller, syft, act, tfsec, argocd-image-updater, xeol, kots, k9s,...

CVE-2026-45570 vulnerabilities

Vulnerabilities for packages: nfpm, crossplane, src-fingerprint, snyk-cli, kaniko, melange, grype, grafana-alloy, gitsign, dagger, steampipe, external-secrets-operator, kargo, scorecard, argo-cd, flux-image-automation-controller, syft, act, tfsec, argocd-image-updater, xeol, kots, k9s,...

GHSA-CRHJ-59GH-8X96 vulnerabilities

Vulnerabilities for packages: grafana-alloy, zarf, chainloop-cli-fips, amazon-ssm-agent, cloudbeat-fips, kots, flux-image-automation-controller, kubescape-server, gitlab-rails-ce, grype-db, skaffold, gitlab-rails-ce-fips, kubevela, gitlab-runner, external-secrets-operator, gomplate,...

CVE-2026-45571 vulnerabilities

Vulnerabilities for packages: grafana-alloy, zarf, chainloop-cli-fips, amazon-ssm-agent, cloudbeat-fips, kots, flux-image-automation-controller, kubescape-server, gitlab-rails-ce, grype-db, skaffold, gitlab-rails-ce-fips, kubevela, gitlab-runner, external-secrets-operator, gomplate,...

GHSA-M7CR-M3PV-HGRP vulnerabilities

Vulnerabilities for packages: grafana-alloy, zarf, chainloop-cli-fips, amazon-ssm-agent, cloudbeat-fips, kots, flux-image-automation-controller, kubescape-server, gitlab-rails-ce, grype-db, skaffold, gitlab-rails-ce-fips, kubevela, gitlab-runner, external-secrets-operator, gomplate,...

OPENSUSE-SU-2026:10830-1 trivy-0.70.0-2.1 on GA media

These are all security issues fixed in the trivy-0.70.0-2.1 package on the GA media of openSUSE Tumbleweed...

Docker_MCP_POC

Java vulnerable scan POC Minimal Maven project used to comp...

OPENSUSE-SU-2026:20809-1 Security update for trivy

This update for trivy fixes the following issues - CVE-2025-64702: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS bsc1255366. - CVE-2025-69725: github.com/go-chi/chi/v5: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258513...