Browse all 4 CVE security advisories affecting aquasecurity. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AquaSecurity specializes in securing containerized environments and cloud-native applications through its platform for threat detection, compliance, and runtime protection. Historically, AquaSecurity products have been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with four CVEs currently documented. The organization focuses on providing security for the entire container lifecycle, from development to deployment. While no major security incidents have been publicly reported, the presence of CVEs indicates potential vulnerabilities in their software components. AquaSecurity's offerings aim to address security challenges in DevOps pipelines and container orchestration systems, helping organizations maintain compliance and reduce attack surfaces in cloud-native infrastructures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33634 | Trivy ecosystem supply chain briefly compromised — setup-trivyCWE-506 | 7.4 | - | 2026-03-23 |
| CVE-2026-28353 | Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release — trivy-vscode-extensionCWE-506 | 5.5 | - | 2026-03-05 |
| CVE-2026-26189 | Trivy Action has a script injection via sourced env file in composite action — trivy-actionCWE-78 | 5.9 | Medium | 2026-02-19 |
| CVE-2024-35192 | Trivy possibly leaks registry credential when scanning images from malicious registries — trivyCWE-522 | 5.5 | Medium | 2024-05-20 |
This page lists every published CVE security advisory associated with aquasecurity. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.