310 matches found
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, eksctl, atlantis-fips, coder, caddy, gomplate, tflint, crossplane-provider-azure-authorization, docker-machine-driver-harvester, docker-cli-buildx-fips, mattermost, syft-fips,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-guardduty-fips, crossplane-provider-aws-backup, atlantis-fips, docker-machine-driver-linode, caddy, eksctl, crossplane-provider-aws-osis, mattermost, crossplane-provider-aws-s3, crossplane-provider-azure-relay, crossplane-provider-aws-vpc-fips...
GHSA-VGWF-H737-FF37 vulnerabilities
Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, coder, gomplate, docker-machine-driver-harvester, terragrunt, docker-cli-buildx-fips, mattermost, syft-fips, pulumi-language-yaml, gatus-fips, zitadel, prometheus, frankenphp-8.5,...
GHSA-QPW4-5X99-6VJP vulnerabilities
Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, coder, gomplate, docker-machine-driver-harvester, terragrunt, docker-cli-buildx-fips, mattermost, syft-fips, pulumi-language-yaml, gatus-fips, zitadel, prometheus, frankenphp-8.5,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, gomplate, terragrunt, syft-fips, mattermost, pulumi-language-yaml, zitadel, prometheus, frankenphp-8.5, trivy-operator, elastic-agent-fips, terragrunt-fips, chainloop-cli-fips, nuclei, cert-manager, syf...
GHSA-89GR-R52H-F8RX vulnerabilities
Vulnerabilities for packages: mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, eksctl, atlantis-fips, coder, caddy, gomplate, tflint, crossplane-provider-azure-authorization, docker-machine-driver-harvester, docker-cli-buildx-fips, mattermost, syft-fips, terragrunt,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, coder, docker-machine-driver-harvester, mattermost, zitadel, prometheus, frankenphp-8.5, trivy-operator, elastic-agent-fips, cert-manager, argo-workflows-fips, coder-fips, prometheus-fips, harbo...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-guardduty-fips, crossplane-provider-aws-backup, atlantis-fips, docker-machine-driver-linode, caddy, eksctl, crossplane-provider-aws-osis, mattermost, crossplane-provider-aws-s3, crossplane-provider-azure-relay, crossplane-provider-aws-vpc-fips...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: hcloud, podman, steampipe, zarf, caddy, loki, dagger, flux-kustomize-controller, kubernetes, policy-controller, istio, opentofu, grype, kargo, flux-image-automation-controller, crossplane-provider-azure-authorization, eksctl, rancher, chezmoi, falcoctl, tflint,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: cert-manager, cloud-provider-aws, telegraf, zarf, kaf, loki, rancher-agent, argocd-image-updater, kubernetes, istio, containerd, snyk-cli, flux-image-automation-controller, kubescape, kubernetes-dashboard, prometheus, trivy, rancher, vitess, helm, knative-serving,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: cert-manager, cloud-provider-aws, telegraf, zarf, kaf, loki, rancher-agent, argocd-image-updater, kubernetes, istio, containerd, snyk-cli, flux-image-automation-controller, kubescape, kubernetes-dashboard, prometheus, trivy, rancher, docker-machine-driver-harvester,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: cert-manager, cloud-provider-aws, podman, telegraf, zarf, kaf, loki, nuclei, pulumi-language-yaml, dagger, wolfictl, argocd-image-updater, splunk-otel-collector, kubernetes, istio, gomplate, opentofu, grype, containerd, snyk-cli, flux-image-automation-controller,...
GHSA-89GR-R52H-F8RX vulnerabilities
Vulnerabilities for packages: hcloud, podman, steampipe, zarf, caddy, loki, dagger, flux-kustomize-controller, kubernetes, policy-controller, istio, opentofu, grype, kargo, flux-image-automation-controller, crossplane-provider-azure-authorization, eksctl, rancher, chezmoi, falcoctl, tflint,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: podman, zarf, caddy, loki, dagger, kubernetes, istio, opentofu, grype, flux-image-automation-controller, rancher, chezmoi, argo-cd, kots, k3s, fscrypt, argocd-image-updater, step, gomplate, containerd, snyk-cli, openbao, pulumi-kubernetes-operator, argo-events, gitea...
OPENSUSE-SU-2026:21072-1 Security update for trivy
This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption bsc1267268. - CVE-2026-46680:...
CVE-2026-55092
Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...
CVE-2026-54448
Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...
CVE-2026-54448 Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser
Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...
CVE-2026-54448
Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...
CVE-2026-54448
CVE-2026-54448 affects Trivy. Prior to version 0.71.0, its Helm chart scanner uses a custom tar unpacker that reads each archive entry with io.ReadAll(tr) without a size limit, enabling a malicious .tgz to decompress to gigabytes and trigger the OS OOM killer. This could cause the Trivy process t...