VYPR

GitHub Actions package

aquasecurity/setup-trivy

pkg:github/aquasecurity/setup-trivy

Vulnerabilities (1)

  • CVE-2026-33634KEVMar 23, 2026
    affected < 0.2.6fixed 0.2.6

    Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-