6 matches found
artificienlib (>=0.1.1 <=0.1.6), fed-rf-mk (>=0.0.5 <=1.0.0) potentially affected by CVE-2026-31220 via syft (>=0.2.9 <=0.9.5)
syft PyPI version =0.2.9, =0.1.1, =0.0.5, =1.0.0 Source CVEs: CVE-2026-31220 Source advisory: OSV:GHSA-CFPG-C974-JFHQ...
CVE-2026-33481
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2023-24827
syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The...
SUSE CVE-2023-24827
syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The...
CVE-2023-24827 Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in syft
syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The...
syft log information disclosure vulnerability
syft is a CLI tool and Go library for generating a software bill of materials (SBOM) from container images and filesystems. A log message disclosure vulnerability exists in syft, which stems from the disclosure of a password stored in the SYFT_ATTEST_PASSWORD environment variable...