VYPR

Go modules package

github.com/aquasecurity/trivy

pkg:golang/github.com/aquasecurity/trivy

Vulnerabilities (2)

  • CVE-2026-33634KEVMar 23, 2026

    Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-

  • CVE-2024-35192MedMay 20, 2024
    affected < 0.51.2fixed 0.51.2

    Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Clo