Security: aquasecurity/trivy
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Helm chart tar bomb causes OOM via unbounded io.ReadAll in parserGHSA-q3fv-x8vg-qqm4 published
Jun 4, 2026 by nikpivkinModerate -
Trivy ecosystem supply chain temporarily compromisedGHSA-69fq-xp46-6x23 published
Mar 21, 2026 by itayskCritical -
Path traversal via a crafted vulnerability database or other downloaded artifactsGHSA-mcj4-mphf-j9ff published
Jun 15, 2026 by knqyf263High -
Path Traversal in Trivy Plugin Manager Allows Arbitrary File WriteGHSA-8rc5-4fr6-64pw published
Jun 30, 2026 by knqyf263Moderate -
Possible registry credential leakage when scanning images from malicious registriesGHSA-xcq4-m2r3-cmrj published
May 20, 2024 by knqyf263Moderate