VYPR

trivy-action

by aquasecurity

Source repositories

CVEs (2)

  • CVE-2026-33634KEVMar 23, 2026
    risk 0.07cvss epss 0.60

    Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in…

  • CVE-2026-26189Feb 19, 2026
    risk 0.00cvss epss 0.01

    Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in `aquasecurity/trivy-action` versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables.…