VYPR

Malcontent

by Chainguard Dev

Source repositories

CVEs (3)

  • CVE-2026-28407Feb 27, 2026
    risk 0.00cvss epss 0.00

    malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to…

  • CVE-2026-24846Jan 29, 2026
    risk 0.00cvss epss 0.00

    malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or…

  • CVE-2026-24845Jan 29, 2026
    risk 0.00cvss epss 0.00

    malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference.…