Lucene search
+L

310 matches found

Chainguard
Chainguard
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, eksctl, atlantis-fips, coder, caddy, gomplate, tflint, crossplane-provider-azure-authorization, docker-machine-driver-harvester, docker-cli-buildx-fips, mattermost, syft-fips,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.23 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-guardduty-fips, crossplane-provider-aws-backup, atlantis-fips, docker-machine-driver-linode, caddy, eksctl, crossplane-provider-aws-osis, mattermost, crossplane-provider-aws-s3, crossplane-provider-azure-relay, crossplane-provider-aws-vpc-fips...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.6 views

GHSA-VGWF-H737-FF37 vulnerabilities

Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, coder, gomplate, docker-machine-driver-harvester, terragrunt, docker-cli-buildx-fips, mattermost, syft-fips, pulumi-language-yaml, gatus-fips, zitadel, prometheus, frankenphp-8.5,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-QPW4-5X99-6VJP vulnerabilities

Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, coder, gomplate, docker-machine-driver-harvester, terragrunt, docker-cli-buildx-fips, mattermost, syft-fips, pulumi-language-yaml, gatus-fips, zitadel, prometheus, frankenphp-8.5,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.8 views

GHSA-78MQ-XCR3-XM33 vulnerabilities

Vulnerabilities for packages: etcd-fips, mattermost-fips, telegraf, argocd-image-updater-fips, gomplate, terragrunt, syft-fips, mattermost, pulumi-language-yaml, zitadel, prometheus, frankenphp-8.5, trivy-operator, elastic-agent-fips, terragrunt-fips, chainloop-cli-fips, nuclei, cert-manager, syf...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.9 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, eksctl, atlantis-fips, coder, caddy, gomplate, tflint, crossplane-provider-azure-authorization, docker-machine-driver-harvester, docker-cli-buildx-fips, mattermost, syft-fips, terragrunt,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.9 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, coder, docker-machine-driver-harvester, mattermost, zitadel, prometheus, frankenphp-8.5, trivy-operator, elastic-agent-fips, cert-manager, argo-workflows-fips, coder-fips, prometheus-fips, harbo...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.10 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-guardduty-fips, crossplane-provider-aws-backup, atlantis-fips, docker-machine-driver-linode, caddy, eksctl, crossplane-provider-aws-osis, mattermost, crossplane-provider-aws-s3, crossplane-provider-azure-relay, crossplane-provider-aws-vpc-fips...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: hcloud, podman, steampipe, zarf, caddy, loki, dagger, flux-kustomize-controller, kubernetes, policy-controller, istio, opentofu, grype, kargo, flux-image-automation-controller, crossplane-provider-azure-authorization, eksctl, rancher, chezmoi, falcoctl, tflint,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: cert-manager, cloud-provider-aws, telegraf, zarf, kaf, loki, rancher-agent, argocd-image-updater, kubernetes, istio, containerd, snyk-cli, flux-image-automation-controller, kubescape, kubernetes-dashboard, prometheus, trivy, rancher, vitess, helm, knative-serving,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.11 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: cert-manager, cloud-provider-aws, telegraf, zarf, kaf, loki, rancher-agent, argocd-image-updater, kubernetes, istio, containerd, snyk-cli, flux-image-automation-controller, kubescape, kubernetes-dashboard, prometheus, trivy, rancher, docker-machine-driver-harvester,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.7 views

GHSA-78MQ-XCR3-XM33 vulnerabilities

Vulnerabilities for packages: cert-manager, cloud-provider-aws, podman, telegraf, zarf, kaf, loki, nuclei, pulumi-language-yaml, dagger, wolfictl, argocd-image-updater, splunk-otel-collector, kubernetes, istio, gomplate, opentofu, grype, containerd, snyk-cli, flux-image-automation-controller,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.11 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: hcloud, podman, steampipe, zarf, caddy, loki, dagger, flux-kustomize-controller, kubernetes, policy-controller, istio, opentofu, grype, kargo, flux-image-automation-controller, crossplane-provider-azure-authorization, eksctl, rancher, chezmoi, falcoctl, tflint,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.11 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: podman, zarf, caddy, loki, dagger, kubernetes, istio, opentofu, grype, flux-image-automation-controller, rancher, chezmoi, argo-cd, kots, k3s, fscrypt, argocd-image-updater, step, gomplate, containerd, snyk-cli, openbao, pulumi-kubernetes-operator, argo-events, gitea...

5.3AI score
Exploits0
OSV
OSV
added 2026/06/26 9:25 a.m.3 views

OPENSUSE-SU-2026:21072-1 Security update for trivy

This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption bsc1267268. - CVE-2026-46680:...

9.9CVSS5.8AI score0.00412EPSS
Exploits1References14
NVD
NVD
added 2026/06/25 5:16 p.m.10 views

CVE-2026-55092

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

7.5CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 5:16 p.m.9 views

CVE-2026-54448

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.9CVSS0.0025EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 4:27 p.m.3 views

CVE-2026-54448 Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.9CVSS6AI score0.0025EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:27 p.m.7 views

CVE-2026-54448

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 4:27 p.m.19 views

CVE-2026-54448

CVE-2026-54448 affects Trivy. Prior to version 0.71.0, its Helm chart scanner uses a custom tar unpacker that reads each archive entry with io.ReadAll(tr) without a size limit, enabling a malicious .tgz to decompress to gigabytes and trigger the OS OOM killer. This could cause the Trivy process t...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder