Browse all 4 CVE security advisories affecting aquasecurity. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33634 | Trivy ecosystem supply chain briefly compromised — setup-trivyCWE-506 | 7.4 | - | 2026-03-23 |
| CVE-2026-28353 | Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release — trivy-vscode-extensionCWE-506 | 5.5 | - | 2026-03-05 |
| CVE-2026-26189 | Trivy Action has a script injection via sourced env file in composite action — trivy-actionCWE-78 | 5.9 | Medium | 2026-02-19 |
| CVE-2024-35192 | Trivy possibly leaks registry credential when scanning images from malicious registries — trivyCWE-522 | 5.5 | Medium | 2024-05-20 |
This page lists every published CVE security advisory associated with aquasecurity. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.