11 matches found
EUVD-2026-10890
zot’s create-only policy allows overwrite attempts of existing latest tag update permission not required...
Malicious Package
Overview: artifactregistry-login is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
MAL-2025-5893 Malicious code in artifact-registry-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53156ca17e2b337cc206264bd5506b359075734acd01374129803b3eff0732fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in artifact-registry-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53156ca17e2b337cc206264bd5506b359075734acd01374129803b3eff0732fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Microsoft Artifact Registry Container Images Empty Password Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Artifact Registry Container images. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default credentials set within the image. The issue...
SUSE CVE-2024-35192
Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Contain...
GHSA-XCQ4-M2R3-CMRJ Trivy possibly leaks registry credential when scanning images from malicious registries
Impact: If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registr...
Trivy possibly leaks registry credential when scanning images from malicious registries
Impact: If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registr...
Google fixes "Bad.Build" Cloud Build flaw, researchers say it's not enough
Researchers at Orca Security have found a design flaw in the Google Cloud Build service. Attackers would have been able to escalate privileges, resulting in unauthorized access to code repositories in Google's Artifact Registry. The researchers dubbed the vulnerability Bad.Build and say it...
Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation
Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors to tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to...
Securing Containers in Google Cloud Artifact Registry with Qualys
Container software supply chain is an area of concern for security teams in large and small enterprises because developers often make use of container images from a variety of public repositories. A single insecure container image can be instantiated several times and lead to a wide, diffused...