310 matches found
CVE-2026-41506 vulnerabilities
Vulnerabilities for packages: argocd-image-updater-fips, gomplate, terragrunt, syft-fips, pulumi-language-yaml, trivy-operator, terragrunt-fips, chainloop-cli-fips, nuclei, gitsign, syft, argo-workflows-fips, src-fingerprint-fips, nemo, gitlab-runner, kubescape-server, cerbos, flux, grype, cg,...
OPENSUSE-SU-2026:20702-1 Security update for trivy
This update for trivy fixes the following issues: Changes in trivy: - Update to version 0.70.0 bsc1260193, CVE-2026-33186, bsc1260971, CVE-2026-33747, bsc1261052, CVE-2026-33748, bsc1262389, CVE-2026-39984, bsc1262893, CVE-2026-34986: release: v0.70.0 main 10105 choredeps: bump...
Security update for trivy (important)
openSUSE Security Update: Security update for trivy Announcement ID: openSUSE-SU-2026:0163-1 Rating: important References: 1255366 1258094 1258513 1260193 1260971 1261052 1262389 1262893 Cross-References: CVE-2025-64702 CVE-2025-66564 CVE-2025-69725 CVE-2026-25934 CVE-2026-33186 CVE-2026-33747...
trivy-0.70.0-1.1 on GA media (moderate)
trivy-0.70.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10651-1 Rating: moderate Cross-References: CVE-2025-69725 CVE-2026-25934 CVE-2026-33186 CVE-2026-33747 CVE-2026-33748 CVE-2026-34986 CVE-2026-39984 CVSS scores: CVE-2025-69725 SUSE : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...
Fedora 44 : trivy (2026-6fc2f11089)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6fc2f11089 advisory. Update to 0.69.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
OPENSUSE-SU-2026:10651-1 trivy-0.70.0-1.1 on GA media
These are all security issues fixed in the trivy-0.70.0-1.1 package on the GA media of openSUSE Tumbleweed...
CLEANSTART-2026-DR81473 HashiCorp’s go-getter library up to v1
Multiple security vulnerabilities affect the harbor-scanner-trivy-fips package. HashiCorp’s go-getter library up to v1. See references for individual vulnerability details...
[SECURITY] Fedora 43 Update: trivy-0.69.3-1.fc43
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more...
Fedora 43 : trivy (2026-868e266938)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-868e266938 advisory. Update to 0.69.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Do not get high(jacked) off your own supply (chain)
In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a "chaos-as-a-service" group that injected...
GO-2026-4919 Trivy ecosystem supply chain was briefly compromised in github.com/aquasecurity/trivy
On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release...
Aqua Security Trivy 0.69.4 Supply Chain Compromise (GHSA-69fq-xp46-6x23)
The version of Aqua Security Trivy installed on the remote host is 0.69.4. This version was published by a threat actor using compromised credentials as part of a supply chain attack. The malicious release contains credential-stealing malware designed to exfiltrate secrets such as SSH keys, cloud...
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33634link is external Aqua Security Trivy Embedded Malicious Code Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...
MAL-2026-2230 Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b This extension is a compromised version of the offical Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and...
Two LiteLLM versions published containing credential harvesting malware
After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Anyone who has installed and run the project should assume an...
GHSA-5MG7-485Q-XM76 Two LiteLLM versions published containing credential harvesting malware
After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Anyone who has installed and run the project should assume an...
TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign
Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers...
SUSE CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
Guidance for detecting, investigating, and defending against the Trivy supply chain compromise
In this article 1. Analyzing the Trivy supply chain compromise 2. Detection and investigation 3. Mitigation and protection guidance 4. Advanced hunting queries 5. References 6. Learn more On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have...