VYPR

Go modules package

github.com/anchore/syft

pkg:golang/github.com/anchore/syft

Vulnerabilities (2)

  • CVE-2026-33481MedMar 26, 2026
    affected < 1.42.3fixed 1.42.3

    Syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syf

  • CVE-2023-24827Feb 7, 2023
    affected >= 0.69.0, < 0.70.0fixed 0.70.0

    syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment var