Go modules package
github.com/chainguard-dev/malcontent
pkg:golang/github.com/chainguard-dev/malcontent
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-28407 | — | < 1.21.0 | 1.21.0 | Feb 27, 2026 | malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to pres | ||
| CVE-2026-24846 | — | >= 1.8.0, < 1.20.3 | 1.20.3 | Jan 29, 2026 | malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or d | ||
| CVE-2026-24845 | — | >= 0.10.0, < 1.20.3 | 1.20.3 | Jan 29, 2026 | malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malconten |
- CVE-2026-28407Feb 27, 2026affected < 1.21.0fixed 1.21.0
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to pres
- CVE-2026-24846Jan 29, 2026affected >= 1.8.0, < 1.20.3fixed 1.20.3
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or d
- CVE-2026-24845Jan 29, 2026affected >= 0.10.0, < 1.20.3fixed 1.20.3
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malconten