VYPR
High severity · OSV Advisory · Published Nov 25, 2025 · Updated Apr 15, 2026

CVE-2025-65965

Description

Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output json= option, the registry credentials will be included unsanitized in the output file. This issue has been patched in version 0.104.1. Users running affected versions of grype can work around this vulnerability by redirecting stdout to a file instead of using the --file or --output options.
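To check report files already written with --file or --output for the exposure described above, the following added example (not code from Grype or from the advisory) tests a version string against the affected range and lists the JSON paths of credential-like values without printing the values themselves. The key names, the all-asterisk mask convention and the sample report layout are assumptions.

```python
import json
import re

AFFECTED_MIN = (0, 68, 0)  # first affected version, per the advisory
PATCHED = (0, 104, 1)      # first patched version, per the advisory
# Assumption: key names likely to hold registry secrets; extend as needed.
SECRET_KEYS = {"username", "password", "token"}


def is_affected(version: str) -> bool:
    """True if a grype version string falls in >= 0.68.0, < 0.104.1."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) < PATCHED


def find_secrets(node, path="$"):
    """Yield paths of non-empty, unmasked strings under secret-looking keys."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SECRET_KEYS and isinstance(value, str):
                # Assumption: an all-asterisk value is a redaction mask.
                if value and set(value) != {"*"}:
                    yield child
            else:
                yield from find_secrets(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_secrets(item, f"{path}[{i}]")


def audit_report(text: str):
    """Return sorted paths of exposed values in one report, never the values."""
    return sorted(find_secrets(json.loads(text)))


# Constructed sample; this layout is an assumption, not a real grype report.
SAMPLE = json.dumps({"descriptor": {"name": "grype", "version": "0.104.0",
    "configuration": {"registry": {"auth": [
        {"authority": "registry.example.com", "username": "ci-bot",
         "password": "constructed-secret", "token": ""}]}}}})

if __name__ == "__main__":
    print("affected version:", is_affected("0.104.0"))
    for p in audit_report(SAMPLE):
        print("exposed value at", p)
```

Any path reported for a file produced by an affected version marks a credential that should be treated as disclosed to everyone who could read that file.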

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| github.com/anchore/grype (Go) | >= 0.68.0, < 0.104.1 | 0.104.1 |
