Aquasecurity Trivy-action
2 CVEs affecting Aquasecurity Trivy-action. Latest disclosed: 2026-03-23. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-26189 | Medium | 5.9 | 2026-02-19 | Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in `aquasecurity/trivy-… |
CVE-2026-33634 | | 2026-03-23 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 v… |