304 matches found
GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities
Vulnerabilities for packages: zarf-fips, crossplane, kyverno-notation-aws, zarf, tbot, tkn-fips, trivy, tekton-chains-fips, kubescape-server, cloudbeat-fips, gitsign, teleport-operator-fips, tflint, trivy-fips, kubescape-server-fips, kyverno-notation-aws-fips, tflint-fips, trivy-operator-fips,...
CVE-2026-49834 vulnerabilities
Vulnerabilities for packages: zarf-fips, crossplane, kyverno-notation-aws, zarf, tbot, tkn-fips, trivy, tekton-chains-fips, kubescape-server, cloudbeat-fips, gitsign, teleport-operator-fips, tflint, trivy-fips, kubescape-server-fips, kyverno-notation-aws-fips, tflint-fips, trivy-operator-fips,...
GHSA-FF52-PH69-CF7X vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-networkmanager, policy-bot, crossplane-provider-azure-signalrservice, fairwinds-gemini-fips, generic-device-plugin-fips, timoni, crossplane-provider-aws-waf-fips, aws-application-networking-k8s, cluster-api, dataplaneapi-fips, gpu-operator,...
Security update for trivy (important)
openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21249-1 Rating: important References: bsc1269269 bsc1269271 Cross-References: CVE-2026-54448 CVE-2026-55092 CVSS scores: CVE-2026-54448 SUSE : 6.5...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: trivy: trivy-0.72.0-0.1.hum1 aarch64, x8664 trivy-0.72.0-0.1.hum1.src src Security Fixes: trivy: CVE-2026-46680 CVE-2026-47262 CVE-2026-53488...
CVE-2026-49835 vulnerabilities
Vulnerabilities for packages: trivy, kyverno, neuvector-sigstore-interface, crossplane, trivy-operator, spire-server, kubescape, teleport, policy-controller, tflint, tkn, zarf, tekton-chains, aactl, falcoctl, goreleaser, gitsign, kyverno-notation-aws...
GHSA-9C54-X2G4-V92J vulnerabilities
Vulnerabilities for packages: trivy, kyverno, neuvector-sigstore-interface, crossplane, trivy-operator, spire-server, kubescape, teleport, policy-controller, tflint, tkn, zarf, tekton-chains, aactl, falcoctl, goreleaser, gitsign, kyverno-notation-aws...
openSUSE 16 Security Update : trivy (openSUSE-SU-2026:21072-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21072-1 advisory. This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input...
Security update for trivy (important)
openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21072-1 Rating: important References: bsc1267268 bsc1268356 bsc1268399 bsc1268400 bsc1268403 bsc1268404 bsc1268440 Cross-References: CVE-2026-44740...
OPENSUSE-SU-2026:11162-1 trivy-0.71.2-2.1 on GA media
These are all security issues fixed in the trivy-0.71.2-2.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2026-54448
Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...
SUSE CVE-2026-55092
Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: zarf-fips, harbor, osv-scanner, rancher, knative-eventing-fips, spire-server, k9s-fips, argocd-image-updater, vitess, trivy-fips, cloudbeat, mattermost, prometheus-mongodb-exporter, flux-image-automation-controller-fips, snyk-cli, coder, zot, kots, harbor-fips,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: packer-fips, crossplane-provider-aws-networkmanager, crossplane-provider-aws-organizations, crossplane-provider-azure-signalrservice, spire-server, crossplane-provider-aws-elasticache-fips, grype-db, pulumi-kubernetes-operator, tflint, crossplane-provider-aws-route53...
GHSA-VGWF-H737-FF37 vulnerabilities
Vulnerabilities for packages: packer-fips, zarf-fips, harbor, osv-scanner, rancher, knative-eventing-fips, spire-server, k9s-fips, argocd-image-updater, vitess, grype-db, pulumi-kubernetes-operator, docker-machine-driver-harvester, trivy-fips, rancher-machine, argo-events, apko, melange, cloudbea...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: packer-fips, crossplane-provider-aws-networkmanager, crossplane-provider-aws-organizations, crossplane-provider-azure-signalrservice, spire-server, crossplane-provider-aws-elasticache-fips, grype-db, pulumi-kubernetes-operator, tflint, crossplane-provider-aws-route53...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: packer-fips, zarf-fips, crossplane-provider-azure-storage, fulcio-fips, harbor, osv-scanner, crossplane-provider-azure-operationsmanagement, crossplane-aws-provider-fips, rancher, glab, crossplane-provider-azure-signalrservice, knative-eventing-fips, k9s-fips,...
GHSA-QPW4-5X99-6VJP vulnerabilities
Vulnerabilities for packages: packer-fips, zarf-fips, harbor, osv-scanner, rancher, knative-eventing-fips, spire-server, k9s-fips, argocd-image-updater, vitess, grype-db, pulumi-kubernetes-operator, docker-machine-driver-harvester, trivy-fips, rancher-machine, argo-events, apko, melange, cloudbea...
GHSA-89GR-R52H-F8RX vulnerabilities
Vulnerabilities for packages: packer-fips, zarf-fips, crossplane-provider-azure-storage, fulcio-fips, harbor, osv-scanner, crossplane-provider-azure-operationsmanagement, crossplane-aws-provider-fips, rancher, glab, crossplane-provider-azure-signalrservice, knative-eventing-fips, k9s-fips,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: zarf-fips, harbor, osv-scanner, rancher, knative-eventing-fips, spire-server, k9s-fips, argocd-image-updater, vitess, docker-machine-driver-harvester, trivy-fips, cloudbeat, mattermost, prometheus-mongodb-exporter, flux-image-automation-controller-fips, snyk-cli,...