Lucene search
+L

310 matches found

Chainguard
Chainguard
added 2026/05/06 7:17 p.m.29 views

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: argocd-image-updater-fips, gomplate, terragrunt, syft-fips, pulumi-language-yaml, trivy-operator, terragrunt-fips, chainloop-cli-fips, nuclei, gitsign, syft, argo-workflows-fips, src-fingerprint-fips, nemo, gitlab-runner, kubescape-server, cerbos, flux, grype, cg,...

7.4CVSS5.1AI score0.00259EPSS
Exploits0
OSV
OSV
added 2026/05/06 11:33 a.m.5 views

OPENSUSE-SU-2026:20702-1 Security update for trivy

This update for trivy fixes the following issues: Changes in trivy: - Update to version 0.70.0 bsc1260193, CVE-2026-33186, bsc1260971, CVE-2026-33747, bsc1261052, CVE-2026-33748, bsc1262389, CVE-2026-39984, bsc1262893, CVE-2026-34986: release: v0.70.0 main 10105 choredeps: bump...

9.8CVSS6.8AI score0.01557EPSS
Exploits1References14
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/04 12:0 a.m.7 views

Security update for trivy (important)

openSUSE Security Update: Security update for trivy Announcement ID: openSUSE-SU-2026:0163-1 Rating: important References: 1255366 1258094 1258513 1260193 1260971 1261052 1262389 1262893 Cross-References: CVE-2025-64702 CVE-2025-66564 CVE-2025-69725 CVE-2026-25934 CVE-2026-33186 CVE-2026-33747...

8.7CVSS6.5AI score0.01557EPSS
Exploits1References8
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/01 12:0 a.m.4 views

trivy-0.70.0-1.1 on GA media (moderate)

trivy-0.70.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10651-1 Rating: moderate Cross-References: CVE-2025-69725 CVE-2026-25934 CVE-2026-33186 CVE-2026-33747 CVE-2026-33748 CVE-2026-34986 CVE-2026-39984 CVSS scores: CVE-2025-69725 SUSE : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

8.7CVSS5.8AI score0.01557EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.5 views

Fedora 44 : trivy (2026-6fc2f11089)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6fc2f11089 advisory. Update to 0.69.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

5CVSS8AI score0.00153EPSS
Exploits0References3
OSV
OSV
added 2026/04/28 12:0 a.m.6 views

OPENSUSE-SU-2026:10651-1 trivy-0.70.0-1.1 on GA media

These are all security issues fixed in the trivy-0.70.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS6.9AI score0.01557EPSS
Exploits1References7
OSV
OSV
added 2026/04/16 12:55 a.m.12 views

CLEANSTART-2026-DR81473 HashiCorp’s go-getter library up to v1

Multiple security vulnerabilities affect the harbor-scanner-trivy-fips package. HashiCorp’s go-getter library up to v1. See references for individual vulnerability details...

9.8CVSS5.7AI score0.00694EPSS
Exploits2References24
Fedora
Fedora
added 2026/04/13 1:11 a.m.8 views

[SECURITY] Fedora 43 Update: trivy-0.69.3-1.fc43

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more...

7.8CVSS6.9AI score0.00632EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.5 views

Fedora 43 : trivy (2026-868e266938)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-868e266938 advisory. Update to 0.69.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

7.8CVSS7.2AI score0.00632EPSS
Exploits3References12
Talos Blog
Talos Blog
added 2026/04/03 5:31 p.m.4 views

Do not get high(jacked) off your own supply (chain)

In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a "chaos-as-a-service" group that injected...

5.9AI score
Exploits0
OSV
OSV
added 2026/04/01 4:33 p.m.8 views

GO-2026-4919 Trivy ecosystem supply chain was briefly compromised in github.com/aquasecurity/trivy

On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release...

9.4CVSS5.9AI score0.60368EPSS
Exploits2References14
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.5 views

Aqua Security Trivy 0.69.4 Supply Chain Compromise (GHSA-69fq-xp46-6x23)

The version of Aqua Security Trivy installed on the remote host is 0.69.4. This version was published by a threat actor using compromised credentials as part of a supply chain attack. The malicious release contains credential-stealing malware designed to exfiltrate secrets such as SSH keys, cloud...

9.4CVSS6.1AI score0.60368EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.8 views

CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

9.4CVSS6.2AI score0.60368EPSS
Exploits2References1
CISA
CISA
added 2026/03/26 12:0 p.m.12 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33634link is external Aqua Security Trivy Embedded Malicious Code Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

9.4CVSS5.9AI score0.60368EPSS
In wildExploits2References6
OSV
OSV
added 2026/03/26 4:0 a.m.8 views

MAL-2026-2230 Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b This extension is a compromised version of the offical Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and...

5.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/25 2:25 p.m.50 views

Two LiteLLM versions published containing credential harvesting malware

After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Anyone who has installed and run the project should assume an...

5.8AI score
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/25 2:25 p.m.12 views

GHSA-5MG7-485Q-XM76 Two LiteLLM versions published containing credential harvesting malware

After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Anyone who has installed and run the project should assume an...

5.8AI score
Exploits0References8
HackRead
HackRead
added 2026/03/25 10:34 a.m.7 views

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.4 views

SUSE CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

9.4CVSS6.2AI score0.60368EPSS
Exploits2References4
Microsoft Secure
Microsoft Secure
added 2026/03/25 12:3 a.m.7 views

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

In this article 1. Analyzing the Trivy supply chain compromise 2. Detection and investigation 3. Mitigation and protection guidance 4. Advanced hunting queries 5. References 6. Learn more On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have...

6.2AI score
Exploits0
Rows per page
Query Builder