VYPR
Vendor

Anchore

Products
3
CVEs
5
Across products
5
Status
Private

Products

3

Recent CVEs

5
  • CVE-2025-65965HigNov 25, 2025
    risk 0.46cvss epss 0.00

    Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output…

  • CVE-2026-33481MedMar 26, 2026
    risk 0.27cvss 5.3epss 0.00

    Syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives…

  • CVE-2023-24827Feb 7, 2023
    risk 0.00cvss epss 0.01

    syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment…

  • CVE-2022-1766Jul 20, 2022
    risk 0.00cvss epss 0.01

    Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl…

  • CVE-2020-11075May 27, 2020
    risk 0.00cvss epss 0.02

    In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an…