CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2026/03/26 3:1 p.m.•3 views

CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

9.4CVSS6.2AI score0.2936EPSS

Exploits2References1

SUSE CVE•added 2026/03/25 12:23 a.m.•1 views

SUSE CVE-2026-33634

9.4CVSS6.2AI score0.2936EPSS

Exploits2References4

OSV•added 2026/03/24 5:53 p.m.•0 views

GHSA-69FQ-XP46-6X23 Trivy ecosystem supply chain was briefly compromised

Summary On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious commits. On March 22...

9.4CVSS6.2AI score0.2936EPSS

Exploits2References16

EUVD•added 2026/03/24 5:53 p.m.•1 views

EUVD-2026-14601

Trivy ecosystem supply chain was briefly compromised...

9.4CVSS6AI score0.2936EPSS

Exploits2References3

NVD•added 2026/03/23 10:16 p.m.•1 views

CVE-2026-33634

9.4CVSS0.2936EPSS

Exploits2References14

CVE•added 2026/03/23 9:47 p.m.•31 views

CVE-2026-33634

CVE-2026-33634 is tied to a supply-chain compromise involving Aqua Security Trivy. Concrete details show: (1) affected items include Trivy binary/image v0.69.4, and GitHub Actions components aquasecurity/trivy-action (versions 0.0.1–0.34.2, 76/77 forced-pushed) and aquasecurity/setup-trivy (0.2.0...

9.4CVSS5.9AI score0.2936EPSS

In wildExploits2References14Affected Software3

OSV•added 2026/03/23 9:47 p.m.•3 views

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

9.4CVSS6.2AI score0.2936EPSS

Exploits2References16

Cvelist•added 2026/03/23 9:47 p.m.•35 views

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

9.4CVSS0.2936EPSS

Exploits2References10

Vulnrichment•added 2026/03/23 9:47 p.m.•1 views

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

9.4CVSS5.9AI score0.2936EPSS

Exploits2References10

ATTACKERKB•added 2026/03/23 9:47 p.m.•2 views

CVE-2026-33634

9.4CVSS5.9AI score0.2936EPSS

In wildExploits2References11Affected Software5

CNNVD•added 2026/03/23 12:0 a.m.•2 views

Aqua Security多款产品安全漏洞

Aqua Security Trivy and Trivy Action are both products of Aqua Security. Trivy is a comprehensive and multifunctional security scanner. Trivy Action is a container vulnerability scanning software. Several products from Aqua Security have security vulnerabilities, which stem from supply chain...

9.4CVSS6.3AI score0.2936EPSS

Exploits2References3

Positive Technologies•added 2026/03/23 12:0 a.m.•2 views

PT-2026-27246

Name of the Vulnerable Software and Affected Versions Trivy versions prior to 0.69.3, aquasecurity/trivy-action versions 0.0.1 through 0.34.2, aquasecurity/setup-trivy versions 0.2.0 through 0.2.6. Description This vulnerability involves a supply chain compromise of the Trivy security scanner. On...

9.4CVSS6.1AI score0.2936EPSS

Exploits2References113

VulnCheck KEV•added 2026/03/23 12:0 a.m.•12 views

VulnCheck KEV: CVE-2026-33634

9.4CVSS5.9AI score0.2936EPSS

In wildExploits2References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by