77 matches found
openSUSE 16 Security Update : syft (openSUSE-SU-2026:20928-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20928-1 advisory. Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier...
OPENSUSE-SU-2026:20928-1 Security update for syft
This update for syft fixes the following issues: Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier should distinguish between MySQL Cluster ndb and MySQL 3297 4907 @witchcraze - Catalog...
Poking around in the Dark: Why a Shared Understanding of Components Matters
By listing the components included in an application, Software Bills of Materials (SBOMs) are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: opa, k3s, containerd, helm-push, zarf, skaffold, envoy-gateway, teleport, trivy, tw, dagger, helm-set-status, datadog-agent, neuvector-scanner, chartmuseum, fuse-overlayfs-snapshotter, gogatekeeper, rancher-agent, helm-mapkubeapis, wolfictl, k9s, gatekeeper, rancher,...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: opa, k3s, containerd, helm-push, zarf, skaffold, envoy-gateway, teleport, trivy, tw, dagger, helm-set-status, datadog-agent, neuvector-scanner, chartmuseum, fuse-overlayfs-snapshotter, gogatekeeper, rancher-agent, helm-mapkubeapis, wolfictl, k9s, gatekeeper, rancher,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: teleport, rancher-agent, google-osconfig-agent, steampipe, trivy, newrelic-infrastructure-agent, kargo, headlamp, kube-mgmt-fips, k8ssandra-client-fips, linkerd2-fips, cluster-api-helm-controller, kubevela, newrelic-infrastructure-agent-fips, osv-scanner,...
CVE-2026-31220
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syft_function for remote execution on the server. While a...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: syft: syft-1.44.0-0.3.hum1 aarch64, x86_64 syft-1.44.0-0.3.hum1.src src...
artificienlib (>=0.1.1 <=0.1.6), fed-rf-mk (>=0.0.5 <=1.0.0) potentially affected by CVE-2026-31220 via syft (>=0.2.9 <=0.9.5)
syft PYPI version =0.2.9, =0.1.1, =0.0.5, =1.0.0 Source cves: CVE-2026-31220 Source advisory: OSV:GHSA-CFPG-C974-JFHQ...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: zarf, skaffold, pulumi-language-java, teleport, crossplane, trivy, act, dagger, flux-image-automation-controller, melange, cerbos, apko, flux, nuclei, wolfictl, argo-workflows, kyverno, rancher-fleet, k9s, tfsec, gitea, xeol, kots, argocd-image-updater,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, teleport, google-osconfig-agent, steampipe, trivy, bom, argocd-image-updater, argo-cd, kargo, grafana-alloy, kubevela, osv-scanner, tfsec, pulumi-language-java, guac, argo-workflows, chainctl, jfrog-cli, pulumi-kubernetes-operator, skaffold, syf...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: go-discover, authservice, sftpgo-plugin-auth, cis-operator, external-dns, docker-cli, pulumi-language-java, flux-image-automation-controller, crossplane-provider-azure-authorization, kwok, gitlab-kas, cerbos, neuvector-scanner, chartmuseum, istio, apko,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: dockerize, cis-operator, gitleaks, aws-nuke, flux-image-automation-controller, chisel, mods, gitlab-kas, neuvector-scanner, vt-cli, chartmuseum, docker-credential-acr-env, descheduler, net-kourier, thanos-operator, openbao, kubernetes-csi-livenessprobe, metacontrolle...
CLEANSTART-2026-GM63718 Security fixes for CVE-2025-15558, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-25934, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-q9hv-hpm4-hj6x applied in versions: 1.39.0-r0, 1.39.0-r1, 1.39.0-r2, 1.39.0-r3
Multiple security vulnerabilities affect the syft package. These issues are resolved in later releases. See references for individual vulnerability details...
SUSE CVE-2026-33481
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2026-33481
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2026-33481 Syft improper temporary file cleanup
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2026-33481
Syft contains a vulnerability (affecting versions before v1.42.3) where temporary storage is not properly cleaned up when an error occurs during scanning. If scanning archives leads to exhausted temporary storage (e.g., large artifacts or zipbombs), Syft may exit without removing temporary files,...