VYPR

Go modules package

github.com/chainguard-dev/malcontent

pkg:golang/github.com/chainguard-dev/malcontent

Vulnerabilities (3)

  • CVE-2026-28407Feb 27, 2026
    affected < 1.21.0fixed 1.21.0

    malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to pres

  • CVE-2026-24846Jan 29, 2026
    affected >= 1.8.0, < 1.20.3fixed 1.20.3

    malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or d

  • CVE-2026-24845Jan 29, 2026
    affected >= 0.10.0, < 1.20.3fixed 1.20.3

    malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malconten