VYPR
Vendor

aquasecurity

Products
4
CVEs
4
Across products
6
Status
Private

Products

4

Recent CVEs

4
  • CVE-2026-28353CriMar 5, 2026
    risk 0.65cvss epss 0.00

    Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and…

  • CVE-2024-35192MedMay 20, 2024
    risk 0.29cvss 5.5epss 0.00

    Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google…

  • CVE-2026-33634KEVMar 23, 2026
    risk 0.07cvss epss 0.60

    Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in…

  • CVE-2026-26189Feb 19, 2026
    risk 0.00cvss epss 0.01

    Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in `aquasecurity/trivy-action` versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables.…