Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP6 package trivy, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2025-21613 — CVSS 9.8 (critical): go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git…
CVE-2024-3817 — CVSS 9.8 (critical): HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does…
CVE-2024-45337 — CVSS 9.1 (critical): Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be…
CVE-2024-6257 — CVSS 8.4 (high): HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially…
CVE-2024-34158 — CVSS 7.5 (high): Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2025-21614 — CVSS 7.5 (high): go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in…
CVE-2024-34156 — CVSS 7.5 (high): Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up…
CVE-2025-27144: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web…
CVE-2024-35192 — CVSS 5.5 (medium): Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted…
CVE-2023-42363 — CVSS 5.5 (medium): A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
CVE-2024-45338 — CVSS 5.3 (medium): An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in…
CVE-2024-34155 — CVSS 4.3 (medium): Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.