Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/02/20 7:40 p.m.6 views

CVE-2026-26189

Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...

8.1CVSS5.9AI score0.01298EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 8:25 p.m.14 views

CVE-2026-26189

Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...

8.1CVSS0.01298EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 7:7 p.m.25 views

CVE-2026-26189 Trivy Action has a script injection via sourced env file in composite action

Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...

5.9CVSS0.01298EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 7:7 p.m.5 views

CVE-2026-26189 Trivy Action has a script injection via sourced env file in composite action

Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...

5.9CVSS5.9AI score0.01298EPSS
Exploits0References3
OSV
OSV
added 2026/02/18 3:24 p.m.3 views

GHSA-9P44-J4G5-CFX5 Trivy Action has a script injection via sourced env file in composite action

Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export A command injection vulnerability exists in aquasecurity/trivy-action due to improper handling of action inputs when exporting environment variables. The action writes export VAR= lines to trivyenvs.txt bas...

5.9CVSS6.1AI score0.01298EPSS
Exploits0References5
Rows per page
Query Builder