The Lab · 2026-03-25 05:56:50 · GitHub Issues
A sophisticated supply chain attack has compromised the official GitHub repositories for Aqua Security's Trivy vulnerability scanner, with a threat actor using stolen credentials to publish malicious software releases and force-push dozens of version tags to credential-stealing malware. The attack targeted the core `aq...
The Lab · 2026-03-25 05:56:51 · GitHub Issues
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repository to credential-...
The Lab · 2026-03-25 10:27:13 · GitHub Issues
A GitHub repository's automated security scan has flagged high or critical vulnerabilities, triggering a formal security alert. The scan, conducted by the Trivy tool, specifically identified a security flaw within the project's `package-lock.json` file, a critical dependency manifest for Node.js applications. This auto...
The Lab · 2026-03-28 05:27:02 · GitHub Issues
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repos...
The Lab · 2026-03-28 05:27:05 · GitHub Issues
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy, a critical open-source security scanner used by millions of projects. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aqua...
The Lab · 2026-03-29 07:26:52 · GitHub Issues
A Trivy vulnerability scan has flagged the widely used `ghcr.io/anthony-spruyt/megalinter-sungather:latest` container image as a significant security risk, revealing 47 total vulnerabilities including three rated CRITICAL and 16 rated HIGH. The scan, conducted on March 29, 2026, indicates the container is shipping with...
The Lab · 2026-03-29 07:26:53 · GitHub Issues
A recent Trivy security scan has exposed a significant vulnerability cluster within the `ghcr.io/anthony-spruyt/megalinter-xfg:latest` container image. The scan, dated March 29, 2026, identified 47 total vulnerabilities, including 3 rated CRITICAL and 16 rated HIGH. This concentration of severe flaws in a widely used d...
The Lab · 2026-03-30 14:27:24 · GitHub Issues
A routine security scan has flagged critical vulnerabilities within the Docker images of the 'memory-journal-mcp' project on GitHub. The automated scan, conducted by Trivy, triggered an immediate security alert, mandating urgent review and remediation. This discovery highlights the persistent risk of supply chain attac...
The Lab · 2026-03-30 18:26:58 · The Register
The threat actors behind the recent Trivy supply-chain breach have escalated their campaign, now poisoning the Python Package Index (PyPI) with malicious versions of the Telnyx SDK. This latest attack aims to infect developers' systems with credential-stealing malware, marking a continued and aggressive exploitation of...
The Lab · 2026-03-31 08:27:10 · GitHub Issues
A critical supply chain attack has compromised the official GitHub Actions for Trivy, a widely used open-source security scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious version of Trivy (v0.69.4) and executed a sweeping hijack of the project's version history. The attacker forc...
The Lab · 2026-03-31 08:27:11 · GitHub Issues
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and force-push 76 out of 77 version tags in the `aquasecurity/trivy-action` reposit...
The Lab · 2026-03-31 08:27:16 · GitHub Issues
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repos...
The Lab · 2026-03-31 09:27:07 · GitHub Issues
A sophisticated supply chain attack has compromised the core security tools of Aqua Security, a major player in the container and vulnerability scanning space. Threat actors used compromised credentials to publish malicious releases of the Trivy scanner and force-push nearly all version tags in its associated GitHub re...
The Lab · 2026-03-31 10:27:06 · GitHub Issues
A sophisticated supply chain attack has compromised the official GitHub Actions for Trivy, a critical open-source security scanner used by millions of repositories. Threat actors, using stolen credentials, successfully published malicious releases and force-pushed nearly all version tags for the `aquasecurity/trivy-act...
The Lab · 2026-03-31 18:27:16 · GitHub Issues
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy, a critical open-source security scanner used by millions of repositories. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `...
The Lab · 2026-03-31 19:27:16 · GitHub Issues
A critical supply chain attack has compromised the official GitHub Actions for Trivy, a widely used open-source security scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious Trivy v0.69.4 release and force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repositor...
The Lab · 2026-04-02 05:26:59 · GitHub Issues
A sophisticated supply chain attack has compromised the core security scanning tools of Aqua Security, directly targeting the widely used Trivy vulnerability scanner and its GitHub Actions. Threat actors, using compromised credentials, successfully published malicious releases and force-pushed nearly all version tags f...
The Lab · 2026-04-02 15:27:30 · GitHub Issues
A medium-severity security vulnerability, tracked as CVE-2025-59471, has been flagged by GitHub's CodeQL analysis in the `agentapi-plusplus` repository. The automated security scanning tool Trivy identified the issue under the `LanguageSpecificPackageVulnerability` rule, which is currently in an open state. This alert ...
The Lab · 2026-04-02 19:27:03 · GitHub Issues
A Trivy security scan has flagged five HIGH-severity vulnerabilities within a critical software component, exposing a potential attack surface for denial-of-service, arbitrary code execution, and information disclosure. The scan, conducted on April 2, 2026, targeted the `7002370412/news-feed:latest` container image, wh...
The Lab · 2026-04-07 12:27:22 · GitHub Issues
A routine security scan has flagged critical vulnerabilities within the Docker images for the Memory Journal MCP project. The automated scan, conducted by Trivy, triggered an immediate security alert, indicating the presence of exploitable flaws in the project's containerized environment. This discovery necessitates ur...