{"affected":[{"ecosystem_specific":{"binaries":[{"trivy":"0.66.0-bp160.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"trivy","purl":"pkg:rpm/opensuse/trivy&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.66.0-bp160.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for trivy fixes the following issues:\n\nChanges in trivy:\n\nUpdate to version 0.67.2 (bsc#1250625, CVE-2025-11065, bsc#1248897, CVE-2025-58058):\n\n  * fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow [backport: release/v0.67] (#9638)\n  * fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#9631)\n  * fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#9629)\n  * fix: add `buildInfo` for `BlobInfo` in `rpc` package [backport: release/v0.67] (#9615)\n  * fix(vex): don't use reused BOM [backport: release/v0.67] (#9612)\n  * fix(vex): don't  suppress vulns for packages with infinity loop (#9465)\n  * fix(aws): use `BuildableClient` insead of `xhttp.Client` (#9436)\n  * refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (#9282)\n  * docs: clarify inline ignore limitations for resource-less checks (#9537)\n  * fix(k8s): disable parallel traversal with fs cache for k8s images (#9534)\n  * fix(misconf): handle tofu files in module detection (#9486)\n  * feat(seal): add seal support (#9370)\n  * docs: fix modules path and update code example (#9539)\n  * fix: close file descriptors and pipes on error paths (#9536)\n  * feat: add documentation URL for database lock errors (#9531)\n  * fix(db): Dowload database when missing but metadata still exists (#9393)\n  * feat(cloudformation): support default values and list results in Fn::FindInMap (#9515)\n  * fix(misconf): unmark cty values before access (#9495)\n  * feat(cli): change --list-all-pkgs default to true (#9510)\n  * fix(nodejs): parse workspaces as objects for package-lock.json files (#9518)\n  * refactor(fs): use underlyingPath to determine virtual files more reliably (#9302)\n  * refactor: remove google/wire dependency and implement manual DI (#9509)\n  * chore(deps): bump the aws group with 6 updates (#9481)\n  * chore(deps): bump the common group across 1 directory with 24 updates (#9507)\n  * fix(misconf): wrap legacy ENV values in quotes to preserve spaces (#9497)\n  * docs: move info about `detection priority` into coverage section (#9469)\n  * feat(sbom): added support for CoreOS (#9448)\n  * fix(misconf): strip build metadata suffixes from image history (#9498)\n  * feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439)\n  * docs: Fix typo in terraform docs (#9492)\n  * feat(redhat): add os-release detection for RHEL-based images (#9458)\n  * ci(deps): add 3-day cooldown period for Dependabot updates (#9475)\n  * refactor: migrate from go-json-experiment to encoding/json/v2 (#9422)\n  * fix(vuln): compare `nuget` package names in lower case (#9456)\n  * chore: Update release flow to include chocolatey (#9460)\n  * docs: document eol supportability (#9434)\n  * docs(report): add nuanses about secret/license scanner in summary table (#9442)\n  * ci: use environment variables in GitHub Actions for improved security (#9433)\n  * chore: bump Go to 1.24.7 (#9435)\n  * fix(nodejs): use snapshot string as `Package.ID` for pnpm packages (#9330)\n  * ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (#9425)\n\nUpdate to version 0.66.0 (bsc#1248937, CVE-2025-58058):\n\n  * chore(deps): bump the aws group with 7 updates (#9419)\n  * refactor(secret): clarify secret scanner messages (#9409)\n  * fix(cyclonedx): handle multiple license types (#9378)\n  * fix(repo): sanitize git repo URL before inserting into report metadata (#9391)\n  * test: add HTTP basic authentication to git test server (#9407)\n  * fix(sbom): add support for `file` component type of `CycloneDX` (#9372)\n  * fix(misconf): ensure module source is known (#9404)\n  * ci: migrate GitHub Actions from version tags to SHA pinning (#9405)\n  * fix: create temp file under composite fs dir (#9387)\n  * chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#9403)\n  * refactor: switch to stable azcontainerregistry SDK package (#9319)\n  * chore(deps): bump the common group with 7 updates (#9382)\n  * refactor(misconf): migrate from custom Azure JSON parser (#9222)\n  * fix(repo): preserve RepoMetadata on FS cache hit (#9389)\n  * refactor(misconf): use atomic.Int32 (#9385)\n  * chore(deps): bump the aws group with 6 updates (#9383)\n  * docs: Fix broken link to \"Built-in Checks\" (#9375)\n  * fix(plugin): don't remove plugins when updating index.yaml file (#9358)\n  * fix: persistent flag option typo (#9374)\n  * chore(deps): bump the common group across 1 directory with 26 updates (#9347)\n  * fix(image): use standardized HTTP client for ECR authentication (#9322)\n  * refactor: export `systemFileFiltering` Post Handler (#9359)\n  * docs: update links to Semaphore pages (#9352)\n  * fix(conda): memory leak by adding closure method for `package.json` file (#9349)\n  * feat: add timeout handling for cache database operations (#9307)\n  * fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (#9296)\n  * fix(misconf): ensure ignore rules respect subdirectory chart paths (#9324)\n  * chore(deps): bump alpine from 3.21.4 to 3.22.1 (#9301)\n  * feat(terraform): use .terraform cache for remote modules in plan scanning (#9277)\n  * chore: fix some function names in comment (#9314)\n  * chore(deps): bump the aws group with 7 updates (#9311)\n  * docs: add explanation for how to use non-system certificates (#9081)\n  * chore(deps): bump the github-actions group across 1 directory with 2 updates (#8962)\n  * fix(misconf): preserve original paths of remote submodules from .terraform (#9294)\n  * refactor(terraform): make Scan method of Terraform plan scanner private (#9272)\n  * fix: suppress debug log for context cancellation errors (#9298)\n  * feat(secret): implement streaming secret scanner with byte offset tracking (#9264)\n  * fix(python): impove package name normalization  (#9290)\n  * feat(misconf): added audit config attribute (#9249)\n  * refactor(misconf): decouple input fs and track extracted files with fs references (#9281)\n  * test(misconf): remove BenchmarkCalculate using outdated check metadata (#9291)\n  * refactor: simplify Detect function signature (#9280)\n  * ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (#9288)\n  * fix(fs): avoid shadowing errors in file.glob (#9286)\n  * test(misconf): move terraform scan tests to integration tests (#9271)\n  * test(misconf): drop gcp iam test covered by another case (#9285)\n  * chore(deps): bump to alpine from `3.21.3` to `3.21.4` (#9283)\n\nUpdate to version 0.65.0:\n\n  * fix(cli): ensure correct command is picked by telemetry (#9260)\n  * feat(flag): add schema validation for `--server` flag (#9270)\n  * chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (#9274)\n  * ci: skip undefined labels in discussion triage action (#9175)\n  * feat(repo): add git repository metadata to reports (#9252)\n  * fix(license): handle WITH operator for `LaxSplitLicenses` (#9232)\n  * chore: add modernize tool integration for code modernization (#9251)\n  * fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (#9253)\n  * chore: implement process-safe temp file cleanup (#9241)\n  * fix: prevent graceful shutdown message on normal exit (#9244)\n  * fix(misconf): correctly parse empty port ranges in google_compute_firewall (#9237)\n  * feat: add graceful shutdown with signal handling (#9242)\n  * chore: update template URL for brew formula (#9221)\n  * test: add end-to-end testing framework with image scan and proxy tests (#9231)\n  * refactor(db): use `Getter` interface with `GetParams` for trivy-db sources (#9239)\n  * ci: specify repository for `gh cache delete` in canary worklfow (#9240)\n  * ci: remove invalid `--confirm` flag from `gh cache delete` command in canary builds (#9236)\n  * fix(misconf): fix log bucket in schema (#9235)\n  * chore(deps): bump the common group across 1 directory with 24 updates (#9228)\n  * ci: move runner.os context from job-level env to step-level in canary workflow (#9233)\n  * chore(deps): bump up Trivy-kubernetes to v0.9.1 (#9214)\n  * feat(misconf): added logging and versioning to the gcp storage bucket (#9226)\n  * fix(server): add HTTP transport setup to server mode (#9217)\n  * chore: update the rpm download Update (#9202)\n  * feat(alma): add AlmaLinux 10 support (#9207)\n  * fix(nodejs): don't use prerelease logic for compare npm constraints  (#9208)\n  * fix(rootio): fix severity selection (#9181)\n  * fix(sbom): merge in-graph and out-of-graph OS packages in scan results (#9194)\n  * fix(cli): panic: attempt to get os.Args[1] when len(os.Args) < 2 (#9206)\n  * fix(misconf): correctly adapt azure storage account (#9138)\n  * feat(misconf): add private ip google access attribute to subnetwork (#9199)\n  * feat(report): add CVSS vectors in sarif report (#9157)\n  * fix(terraform): `for_each` on a map returns a resource for every key (#9156)\n  * fix: supporting .egg-info/METADATA in python.Packaging analyzer (#9151)\n  * chore: migrate protoc setup from Docker to buf CLI (#9184)\n  * ci: delete cache after artifacts upload in canary workflow (#9177)\n  * refactor: remove aws flag helper message (#9080)\n  * ci: use gh pr view to get PR number for forked repositories in auto-ready workflow (#9183)\n  * ci: add auto-ready-for-review workflow (#9179)\n  * feat(image): add Docker context resolution (#9166)\n  * ci: optimize golangci-lint performance with cache-based strategy (#9173)\n  * feat: add HTTP request/response tracing support (#9125)\n  * fix(aws): update amazon linux 2 EOL date (#9176)\n  * chore: Update release workflow to trigger version updates (#9162)\n  * chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 (#9164)\n  * fix: also check `filepath` when removing duplicate packages (#9142)\n  * chore: add debug log to show image source location (#9163)\n  * docs: add section on customizing default check data (#9114)\n  * chore(deps): bump the common group across 1 directory with 9 updates (#9153)\n  * docs: partners page content updates (#9149)\n  * chore(license): add missed spdx exceptions: (#9147)\n  * docs: trivy partners page updates (#9133)\n  * fix: migrate from `*.list` to `*.md5sums` files for `dpkg` (#9131)\n  * ci(helm): bump Trivy version to 0.64.1 for Trivy Helm Chart 0.16.1 (#9135)\n  * feat(sbom): add SHA-512 hash support for CycloneDX SBOM (#9126)\n  * fix(misconf): skip rewriting expr if attr is nil (#9113)\n  * fix(license): add missed `GFDL-NIV-1.1` and `GFDL-NIV-1.2` into Trivy mapping (#9116)\n  * fix(cli): Add more non-sensitive flags to telemetry (#9110)\n  * fix(alma): parse epochs from rpmqa file (#9101)\n  * fix(rootio): check full version to detect `root.io` packages (#9117)\n  * chore: drop FreeBSD 32-bit support (#9102)\n  * fix(sbom): use correct field for licenses in CycloneDX reports (#9057)\n  * fix(secret): fix line numbers for multiple-line secrets (#9104)\n  * feat(license): observe pkg types option in license scanner (#9091)\n  * ci(helm): bump Trivy version to 0.64.0 for Trivy Helm Chart 0.16.0 (#9107)\n- (CVE-2025-53547, bsc#1246151)\n\n- Update to version 0.64.1 (bsc#1243633, CVE-2025-47291,\n                           (bsc#1246730, CVE-2025-46569):\n\n  * fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)\n  * fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)\n  * fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120)\n  * fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)\n  * docs(python): fix type with METADATA file name (#9090)\n  * feat: reject unsupported artifact types in remote image retrieval (#9052)\n  * chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088)\n  * refactor(misconf): rewrite Rego module filtering using functional filters (#9061)\n  * feat(terraform): add partial evaluation for policy templates (#8967)\n  * feat(vuln): add Root.io support for container image scanning (#9073)\n  * feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019)\n  * fix(cli): add some values to the telemetry call (#9056)\n  * feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077)\n  * refactor: centralize HTTP transport configuration (#9058)\n  * test: include integration tests in linting and fix all issues (#9060)\n  * chore(deps): bump the common group across 1 directory with 26 updates (#9063)\n  * feat(java): dereference all maven settings.xml env placeholders (#9024)\n  * fix(misconf): reduce log noise on incompatible check (#9029)\n  * fix(misconf): .Config.User always takes precedence over USER in .History (#9050)\n  * chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037)\n  * docs(misconf): simplify misconfiguration docs (#9030)\n  * fix(misconf): move disabled checks filtering after analyzer scan (#9002)\n  * docs: add PR review policy for maintainers (#9032)\n  * fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034)\n  * test: improve and extend tests for iac/adapters/arm (#9028)\n  * chore: bump up Go version to 1.24.4 (#9031)\n  * feat(cli): add version constraints to annoucements (#9023)\n  * fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015)\n  * feat(ubuntu): add eol date for 20.04-ESM (#8981)\n  * fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format (#8549)\n  * fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998)\n  * refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983)\n  * docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003)\n  * feat(misconf): add OpenTofu file extension support (#8747)\n  * refactor(misconf): set Trivy version by default in Rego scanner (#9001)\n  * docs: fix assets with versioning (#8996)\n  * docs: add partners page (#8988)\n  * chore(alpine): add EOL date for Alpine 3.22 (#8992)\n  * fix: don't show corrupted trivy-db warning for first run (#8991)\n  * Update installation.md (#8979)\n  * feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953)\n  * chore(k8s): update comments with deprecated command format (#8964)\n  * chore: fix errors and typos in docs (#8963)\n  * fix: Add missing version check flags (#8951)\n  * feat(redhat): Add EOL date for RHEL 10. (#8910)\n  * fix: Correctly check for semver versions for trivy version check (#8948)\n  * refactor(server): change custom advisory and vulnerability data types fr… (#8923)\n  * ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946)\n  * fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942)\n  * chore(deps): Bump trivy-checks (#8934)\n  * fix(julia): add `Relationship` field support (#8939)\n  * feat(minimos): Add support for MinimOS (#8792)\n  * feat(alpine): add maintainer field extraction for APK packages (#8930)\n  * feat(echo): Add Echo Support (#8833)\n  * fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924)\n  * fix(wolfi): support new APK database location (#8937)\n  * feat(k8s): get components from namespaced resources (#8918)\n  * refactor(cloudformation): remove unused ScanFile method from Scanner (#8927)\n  * refactor(terraform): remove result sorting from scanner (#8928)\n  * feat(misconf): Add support for `Minimum Trivy Version` (#8880)\n  * docs: improve skipping files documentation (#8749)\n  * feat(cli): Add available version checking (#8553)\n  * feat(nodejs): add a bun.lock analyzer (#8897)\n  * feat: terraform parser option to set current working directory (#8909)\n  * perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602)\n  * feat(misconf): export raw Terraform data to Rego (#8741)\n  * refactor(terraform): simplify AllReferences method signature in Attribute (#8906)\n  * fix: check post-analyzers for StaticPaths (#8904)\n  * feat: add Bottlerocket OS package analyzer (#8653)\n  * feat(license): improve work text licenses with custom classification (#8888)\n  * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901)\n  * chore(deps): bump the common group across 1 directory with 9 updates (#8887)\n  * refactor(license): simplify compound license scanning (#8896)\n  * feat(license): Support compound licenses (licenses using SPDX operators) (#8816)\n  * fix(k8s): use in-memory cache backend during misconfig scanning (#8873)\n  * feat(nodejs): add bun.lock parser (#8851)\n  * feat(license): improve work with custom classification of licenses from config file (#8861)\n  * fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886)\n  * fix: julia parser panicing (#8883)\n  * refactor(db): change logic to detect wrong DB (#8864)\n  * fix(cli): don't use allow values for `--compliance` flag (#8881)\n  * docs(misconf): Reorganize misconfiguration scan pages (#8206)\n  * fix(server): add missed Relationship field for `rpc` (#8872)\n  * feat: add JSONC support for comments and trailing commas (#8862)\n  * fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858)\n  * feat(go): support license scanning in both GOPATH and vendor (#8843)\n  * fix(redhat): save contentSets for OS packages in fs/vm modes (#8820)\n  * fix: filter all files when processing files installed from package managers (#8842)\n  * feat(misconf): add misconfiguration location to junit template (#8793)\n  * docs(vuln): remove OSV for Python from data sources (#8841)\n  * chore: add an issue template for maintainers (#8838)\n  * chore: enable staticcheck (#8815)\n  * ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836)\n  * feat(license): scan vendor directory for license for go.mod files (#8689)\n  * docs(java):  Update info about dev deps in gradle lock (#8830)\n  * chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822)\n  * fix(java): exclude dev dependencies in gradle lockfile (#8803)\n  * fix: octalLiteral from go-critic (#8811)\n  * fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818)\n  * chore(deps): bump the common group across 1 directory with 10 updates (#8817)\n  * fix: use-any from revive (#8810)\n  * fix: more revive rules (#8814)\n  * docs: change in java.md: fix the Trity -to-> Trivy typo (#8813)\n  * fix(misconf): check if for-each is known when expanding dyn block (#8808)\n  * ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802)\n\n- Update to version 0.62.1 (bsc#1239225, CVE-2025-22868,\n                            bsc#1241724, CVE-2025-22872):\n\n  * chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831)\n  * fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826)\n  * fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824)\n  * feat(nodejs): add root and workspace for `yarn` packages (#8535)\n  * fix: unused-parameter rule from revive (#8794)\n  * chore(deps): Update trivy-checks (#8798)\n  * fix: early-return, indent-error-flow and superfluous-else rules from revive  (#8796)\n  * fix(k8s): remove using `last-applied-configuration` (#8791)\n  * refactor(misconf): remove unused methods from providers (#8781)\n  * refactor(misconf): remove unused methods from iac types (#8782)\n  * fix(misconf): filter null nodes when parsing json manifest (#8785)\n  * fix: testifylint last issues (#8768)\n  * fix(misconf): perform operations on attribute safely (#8774)\n  * refactor(ubuntu): update time handling for fixing time (#8780)\n  * chore(deps): bump golangci-lint to v2.1.2 (#8766)\n  * feat(image): save layers metadata into report (#8394)\n  * feat(misconf): convert AWS managed policy to document (#8757)\n  * chore(deps): bump the docker group across 1 directory with 3 updates (#8762)\n  * ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753)\n  * ci(helm): create a helm branch for patches from main (#8673)\n  * fix(terraform): hcl object expressions to return references (#8271)\n  * chore(terraform): option to pass in instanced logger  (#8738)\n  * ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740)\n  * chore(terraform): remove os.OpenPath call from terraform file functions (#8737)\n  * chore(deps): bump the common group across 1 directory with 23 updates (#8733)\n  * feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676)\n  * refactor(misconf): remove module outputs from parser.EvaluateAll (#8587)\n  * fix(misconf): populate context correctly for module instances (#8656)\n  * fix(misconf): check if metadata is not nil (#8647)\n  * refactor(misconf): switch to x/json  (#8719)\n  * fix(report): clean buffer after flushing (#8725)\n  * ci: improve PR title validation workflow (#8720)\n  * refactor(flag): improve flag system architecture and extensibility (#8718)\n  * fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555)\n  * refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591)\n  * feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705)\n  * ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702)\n  * refactor: add hook interface for extended functionality (#8585)\n  * fix(misconf): add missing variable as unknown (#8683)\n  * docs: Update maintainer docs (#8674)\n  * ci(vuln): reduce github action script injection attack risk (#8610)\n  * fix(secret): ignore .dist-info directories during secret scanning (#8646)\n  * fix(server): fix redis key when trying to delete blob (#8649)\n  * chore(deps): bump the testcontainers group with 2 updates (#8650)\n  * test: use `aquasecurity` repository for test images (#8677)\n  * chore(deps): bump the aws group across 1 directory with 5 updates (#8652)\n  * fix(k8s): skip passed misconfigs for the summary report (#8684)\n  * fix(k8s): correct compare artifact versions (#8682)\n  * chore: update Docker lib (#8681)\n  * refactor(misconf): remove unused terraform attribute methods (#8657)\n  * feat(misconf): add option to pass Rego scanner to IaC scanner (#8369)\n  * chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643)\n  * docs: Add info about helm charts release (#8640)\n  * ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638)\n\nUpdate to version 0.61.1 (bsc#1239385, CVE-2025-22869, bsc#1240466, CVE-2025-30204):\n\n  * fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748)\n  * fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699)\n  * test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698)\n  * fix(misconf): Improve logging for unsupported checks (#8634)\n  * feat(k8s): add support for controllers (#8614)\n  * fix(debian): don't include empty licenses for `dpkgs` (#8623)\n  * fix(misconf): Check values wholly prior to evalution (#8604)\n  * chore(deps): Bump trivy-checks (#8619)\n  * fix(k8s): show report for `--report all` (#8613)\n  * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597)\n  * refactor: rename scanner to service (#8584)\n  * fix(misconf): do not skip loading documents from subdirectories (#8526)\n  * refactor(misconf): get a block or attribute without calling HasChild (#8586)\n  * fix(misconf): identify the chart file exactly by name (#8590)\n  * test: use table-driven tests in Helm scanner tests (#8592)\n  * refactor(misconf): Simplify misconfig checks bundle parsing (#8533)\n  * chore(deps): bump the common group across 1 directory with 10 updates (#8566)\n  * fix(misconf): do not use cty.NilVal for non-nil values (#8567)\n  * docs(cli): improve flag value display format (#8560)\n  * fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548)\n  * docs: remove slack (#8565)\n  * fix: use `--file-patterns` flag for all post analyzers (#7365)\n  * docs(python): Mention pip-compile (#8484)\n  * feat(misconf): adapt aws_opensearch_domain (#8550)\n  * feat(misconf): adapt AWS::EC2::VPC (#8534)\n  * docs: fix a broken link (#8546)\n  * fix(fs): check postAnalyzers for StaticPaths (#8543)\n  * refactor(misconf): remove unused methods for ec2.Instance (#8536)\n  * feat(misconf): adapt aws_default_security_group (#8538)\n  * feat(fs): optimize scanning performance by direct file access for known paths (#8525)\n  * feat(misconf): adapt AWS::DynamoDB::Table (#8529)\n  * style: Fix MD syntax in self-hosting.md (#8523)\n  * perf(misconf): retrieve check metadata from annotations once (#8478)\n  * feat(misconf): Add support for aws_ami (#8499)\n  * fix(misconf): skip Azure CreateUiDefinition (#8503)\n  * refactor(misconf): use OPA v1 (#8518)\n  * fix(misconf): add ephemeral block type to config schema (#8513)\n  * perf(misconf): parse input for Rego once (#8483)\n  * feat: replace TinyGo with standard Go for WebAssembly modules (#8496)\n  * chore: replace deprecated tenv linter with usetesting (#8504)\n  * fix(spdx): save text licenses into `otherLicenses` without normalize (#8502)\n  * chore(deps): bump the common group across 1 directory with 13 updates (#8491)\n  * chore: use go.mod for managing Go tools (#8493)\n  * ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494)\n  * fix(sbom): improve logic for binding direct dependency to parent component (#8489)\n  * chore(deps): remove missed replace of `trivy-db` (#8492)\n  * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490)\n  * chore(deps): update Go to 1.24 and switch to go-version-file (#8388)\n  * docs: add abbreviation list (#8453)\n  * chore(terraform): assign *terraform.Module 'parent' field (#8444)\n  * feat: add report summary table (#8177)\n  * chore(deps): bump the github-actions group with 3 updates (#8473)\n  * refactor(vex): improve SBOM reference handling with project standards (#8457)\n  * ci: update GitHub Actions cache to v4 (#8475)\n  * feat: add `--vuln-severity-source` flag (#8269)\n  * fix(os): add mapping OS aliases (#8466)\n  * chore(deps): bump the aws group across 1 directory with 7 updates (#8468)\n  * chore(deps): Bump trivy-checks to v1.7.1 (#8467)\n  * refactor(report): write tables after rendering all results (#8357)\n  * docs: update VEX documentation index page (#8458)\n  * fix(db): fix case when 2 trivy-db were copied at the same time (#8452)\n  * feat(misconf): render causes for Terraform (#8360)\n  * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073)\n  * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254)\n  * chore(deps): update go-rustaudit location (#8450)\n  * fix: update all documentation links (#8045)\n  * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443)\n  * chore(deps): bump the common group with 6 updates (#8411)\n  * fix(k8s): add missed option `PkgRelationships` (#8442)\n  * fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346)\n  * feat(go): fix parsing main module version for go >= 1.24 (#8433)\n  * refactor(misconf): make Rego scanner independent of config type (#7517)\n  * fix(image): disable AVD-DS-0007 for history scanning (#8366)\n  * fix(server): secrets inspectation for the config analyzer in client server mode (#8418)\n  * chore: remove mockery (#8417)\n  * test(server): replace mock driver with memory cache in server tests (#8416)\n  * test: replace mock with memory cache and fix non-deterministic tests (#8410)\n  * test: replace mock with memory cache in scanner tests (#8413)\n  * test: use memory cache (#8403)\n  * fix(spdx): init `pkgFilePaths` map for all formats (#8380)\n  * chore(deps): bump the common group across 1 directory with 11 updates (#8381)\n  * docs: correct Ruby documentation (#8402)\n  * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390)\n  * fix: don't use `scope` for `trivy registry login` command (#8393)\n  * fix(go): merge nested flags into string for ldflags for Go binaries (#8368)\n  * chore(terraform): export module path on terraform modules (#8374)\n  * fix(terraform): apply parser options to submodule parsing (#8377)\n  * docs: Fix typos in documentation (#8361)\n  * docs: fix navigate links (#8336)\n  * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354)\n  * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353)\n  * chore: remove debug prints (#8347)\n  * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345)\n  * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344)\n  * chore(deps): bump Go to `v1.23.5` (#8341)\n  * fix(python): add `poetry` v2 support (#8323)\n  * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331)\n  * fix(misconf): ecs include enhanced for container insights (#8326)\n  * fix(sbom): preserve OS packages from multiple SBOMs (#8325)\n  * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311)\n  *  (bsc#1237618, CVE-2025-27144)\n\nUpdate to version 0.59.1:\n\n  * fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349)\n  * chore(deps): bump Go to `v1.23.5` [backport: release/v0.59] (#8343)\n  * fix(python): add `poetry` v2 support [backport: release/v0.59] (#8335)\n  * fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59] (#8333)\n\nUpdate to version 0.59.0:\n\n  * feat(image): return error early if total size of layers exceeds limit (#8294)\n  * chore(deps): Bump trivy-checks (#8310)\n  * chore(terraform): add accessors to underlying raw hcl values (#8306)\n  * fix: improve conversion of image config to Dockerfile (#8308)\n  * docs: replace short codes with Unicode emojis (#8296)\n  * feat(k8s): improve artifact selections for specific namespaces (#8248)\n  * chore: update code owners (#8303)\n  * fix(misconf): handle heredocs in dockerfile instructions (#8284)\n  * fix: de-duplicate same `dpkg` packages with different filePaths from different layers (#8298)\n  * chore(deps): bump the aws group with 7 updates (#8299)\n  * chore(deps): bump the common group with 12 updates (#8301)\n  * chore: enable int-conversion from perfsprint (#8194)\n  * feat(fs): use git commit hash as cache key for clean repositories (#8278)\n  * fix(spdx): use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX (#8077)\n  * chore: use require.ErrorContains when possible (#8291)\n  * feat(image): prevent scanning oversized container images (#8178)\n  * chore(deps): use aqua forks for `github.com/liamg/jfather` and `github.com/liamg/iamgo` (#8289)\n  * fix(fs): fix cache key generation to use UUID (#8275)\n  * fix(misconf): correctly handle all YAML tags in K8S templates (#8259)\n  * feat: add support for registry mirrors (#8244)\n  * chore(deps): bump the common group across 1 directory with 29 updates (#8261)\n  * refactor(license): improve license expression normalization (#8257)\n  * feat(misconf): support for ignoring by inline comments for Dockerfile (#8115)\n  * feat: add a examples field to check metadata (#8068)\n  * chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (#8196)\n  * ci: add workflow to restrict direct PRs to release branches (#8240)\n  * fix(suse): SUSE - update OSType constants and references for compatility (#8236)\n  * ci: fix path to main dir for canary builds (#8231)\n  * chore(secret): add reported issues related to secrets in junit template (#8193)\n  * refactor: use trivy-checks/pkg/specs package (#8226)\n  * ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170)\n  * fix(misconf): allow null values only for tf variables (#8112)\n  * feat(misconf): support for ignoring by inline comments for Helm (#8138)\n  * fix(redhat): check `usr/share/buildinfo/` dir to detect content sets (#8222)\n  * chore(alpine): add EOL date for Alpine 3.21 (#8221)\n  * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207)\n  * fix(misconf): disable git terminal prompt on tf module load (#8026)\n  * chore: remove aws iam related scripts (#8179)\n  * docs: Updated JSON schema version 2 in the trivy documentation (#8188)\n  * refactor(python): use once + debug for `License acquired from METADATA...` logs (#8175)\n  * refactor: use slices package instead of custom function (#8172)\n  * chore(deps): bump the common group with 6 updates (#8162)\n  * feat(python): add support for uv dev and optional dependencies (#8134)\n  * feat(python): add support for poetry dev dependencies (#8152)\n  * fix(sbom): attach nested packages to Application (#8144)\n  * docs(vex): use debian minor version in examples (#8166)\n  * refactor: add generic Set implementation (#8149)\n  * chore(deps): bump the aws group across 1 directory with 6 updates (#8163)\n  * fix(python): skip dev group's deps for poetry (#8106)\n  * fix(sbom): use root package for `unknown` dependencies (if exists) (#8104)\n  * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` (#8140)\n  * chore(vex): suppress CVE-2024-45338 (#8137)\n  * feat(python): add support for uv (#8080)\n  * chore(deps): bump the docker group across 1 directory with 3 updates (#8127)\n  * chore(deps): bump the common group across 1 directory with 14 updates (#8126)\n  * chore: bump go to 1.23.4 (#8123)\n  * test: set dummy value for NUGET_PACKAGES (#8107)\n  * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` (#8105)\n  * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103)\n  * fix: wasm module test (#8099)\n  * fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088)\n  * chore(vex): suppress CVE-2024-45337 (#8101)\n  * fix(license): always trim leading and trailing spaces for licenses (#8095)\n  * fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635)\n  * fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063)\n  * fix: enable err-error and errorf rules from perfsprint linter (#7859)\n  * chore(deps): bump the aws group across 1 directory with 6 updates (#8074)\n  * perf: avoid heap allocation in applier findPackage (#7883)\n  * fix: Updated twitter icon (#7772)\n  * docs(k8s): add a note about multi-container pods (#7815)\n  * feat: add `--distro` flag to manually specify OS distribution for vulnerability scanning (#8070)\n  * fix(oracle): add architectures support for advisories (#4809)\n  * fix: handle `BLOW_UNKNOWN` error to download DBs (#8060)\n  * feat(misconf): generate placeholders for random provider resources (#8051)\n  * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052)\n  * fix(flag): skip hidden flags for `--generate-default-config` command (#8046)\n  * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props (#8050)\n  * feat(nodejs): respect peer dependencies for dependency tree (#7989)\n  * ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038)\n  * fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580)\n  * chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029)\n  * fix(misconf): use log instead of fmt for logging (#8033)\n  * docs: add commercial content (#8030)\n\n- Update to version 0.58.2 (\n      bsc#1234512, CVE-2024-45337,\n      bsc#1235265, CVE-2024-45338,\n      bsc#1232948, CVE-2024-51744):\n\n  * fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238)\n  * fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237)\n  * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215)\n  * fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168)\n  * fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158)\n  * fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156)\n  * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142)\n  * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136)\n  * fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135)\n  * fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125)\n  * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124)\n  * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122)\n  * fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121)\n  * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119)\n  * fix(misconf): wrap AWS EnvVar to iac types (#7407)\n  * chore(deps): Upgrade trivy-checks (#8018)\n  * refactor(misconf): Remove unused options (#7896)\n  * docs: add terminology page to explain Trivy concepts (#7996)\n  * feat: add `workspaceRelationship` (#7889)\n  * refactor(sbom): simplify relationship generation (#7985)\n  * chore: remove Go checks (#7907)\n  * docs: improve databases documentation (#7732)\n  * refactor: remove support for custom Terraform checks (#7901)\n  * docs: fix dead links (#7998)\n  * docs: drop AWS account scanning (#7997)\n  * fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995)\n  * fix(cli): Handle empty ignore files more gracefully (#7962)\n  * fix(misconf): load full Terraform module (#7925)\n  * fix(misconf): properly resolve local Terraform cache (#7983)\n  * refactor(k8s): add v prefix for Go packages (#7839)\n  * test: replace Go checks with Rego (#7867)\n  * feat(misconf): log causes of HCL file parsing errors (#7634)\n  * chore(deps): bump the aws group across 1 directory with 7 updates (#7991)\n  * chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990)\n  * chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992)\n  * chore: downgrade the failed block expand message to debug (#7964)\n  * fix(misconf): do not erase variable type for child modules (#7941)\n  * feat(go): construct dependencies of `go.mod` main module in the parser (#7977)\n  * feat(go): construct dependencies in the parser (#7973)\n  * feat: add cvss v4 score and vector in scan response (#7968)\n  * docs: add `overview` page for `others` (#7972)\n  * fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871)\n  * feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965)\n  * chore(deps): bump the common group with 4 updates (#7949)\n  * feat(oracle): add `flavors` support (#7858)\n  * fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953)\n  * chore(deps): Bump up trivy-checks to v1.3.0 (#7959)\n  * fix(k8s): check all results for vulnerabilities (#7946)\n  * ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945)\n  * feat(secret): Add built-in secrets rules for Private Packagist (#7826)\n  * docs: Fix broken links (#7900)\n  * docs: fix mistakes/typos (#7942)\n  * feat: Update registry fallbacks (#7679)\n  * fix(alpine): add `UID` for removed packages (#7887)\n  * chore(deps): bump the aws group with 6 updates (#7902)\n  * chore(deps): bump the common group with 6 updates (#7904)\n  * fix(debian): infinite loop (#7928)\n  * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files (#7912)\n  * docs: add note about temporary podman socket (#7921)\n  * docs: combine trivy.dev into trivy docs (#7884)\n  * test: change branch in spdx schema link to check in integration tests (#7935)\n  * docs: add Headlamp to the Trivy Ecosystem page (#7916)\n  * fix(report): handle `git@github.com` schema for misconfigs in `sarif` report (#7898)\n  * chore(k8s): enhance k8s scan log (#6997)\n  * fix(terraform): set null value as fallback for missing variables (#7669)\n  * fix(misconf): handle null properties in CloudFormation templates (#7813)\n  * fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882)\n  * chore(deps): bump the common group across 1 directory with 20 updates (#7876)\n  * chore: bump containerd to v2.0.0 (#7875)\n  * fix: Improve version comparisons when build identifiers are present (#7873)\n  * feat(k8s): add default commands for unknown platform (#7863)\n  * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868)\n  * refactor(secret): optimize performance by moving ToLower operation outside loop (#7862)\n  * test: save `containerd` image into archive and use in tests (#7816)\n  * chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854)\n  * chore: bump golangci-lint to v1.61.0 (#7853)\n\nUpdate to version 0.57.1:\n\n  * feat: Update registry fallbacks [backport: release/v0.57] (#7944)\n  * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939)\n  * test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940)\n  * release: v0.57.0 [main] (#7710)\n  * chore: lint `errors.Join` (#7845)\n  * feat(db): append errors (#7843)\n  * docs(java): add info about supported scopes (#7842)\n  * docs: add example of creating whitelist of checks (#7821)\n  * chore(deps): Bump trivy-checks (#7819)\n  * fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733)\n  * fix(k8s): skip resources without misconfigs (#7797)\n  * fix(sbom):  use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811)\n  * fix(cli): add config name to skip-policy-update alias (#7820)\n  * fix(helm): properly handle multiple archived dependencies (#7782)\n  * refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776)\n  * fix(k8s)!: support k8s multi container (#7444)\n  * fix(k8s): support kubernetes v1.31 (#7810)\n  * docs: add Windows install instructions (#7800)\n  * ci(helm): auto public Helm chart after PR merged (#7526)\n  * feat: add end of life date for Ubuntu 24.10 (#7787)\n  * feat(report): update gitlab template to populate operating_system value (#7735)\n  * feat(misconf): Show misconfig ID in output (#7762)\n  * feat(misconf): export unresolvable field of IaC types to Rego (#7765)\n  * refactor(k8s): scan config files as a folder (#7690)\n  * fix(license): fix license normalization for Universal Permissive License (#7766)\n  * fix: enable usestdlibvars linter (#7770)\n  * fix(misconf): properly expand dynamic blocks (#7612)\n  * feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507)\n  * fix(misconf): fix for Azure Storage Account network acls adaptation (#7602)\n  * refactor(misconf): simplify k8s scanner (#7717)\n  * feat(parser): ignore white space in pom.xml files (#7747)\n  * test: use forked images (#7755)\n  * fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541)\n  * fix(misconf): check if property is not nil before conversion (#7578)\n  * fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577)\n  * feat(misconf): ssl_mode support for GCP SQL DB instance (#7564)\n  * test: define constants for test images (#7739)\n  * docs: add note about disabled DS016 check (#7724)\n  * feat(misconf): public network support for Azure Storage Account (#7601)\n  * feat(cli): rename `trivy auth` to `trivy registry` (#7727)\n  * docs: apt-transport-https is a transitional package (#7678)\n  * refactor(misconf): introduce generic scanner (#7515)\n  * fix(cli): `clean --all` deletes only relevant dirs (#7704)\n  * feat(cli): add `trivy auth` (#7664)\n  * fix(sbom): add options for DBs in private registries (#7660)\n  * docs(report): fix reporting doc format (#7671)\n  * fix(repo): `git clone` output to Stderr (#7561)\n  * fix(redhat): include arch in PURL qualifiers (#7654)\n  * fix(report): Fix invalid URI in SARIF report (#7645)\n  * docs(report): Improve SARIF reporting doc (#7655)\n  * fix(db): fix javadb downloading error handling (#7642)\n  * feat(cli): error out when ignore file cannot be found (#7624)\n\nUpdate to version 0.56.2:\n\n  * fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702)\n  * fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)\n\n- Update to version 0.51.1 (bsc#1227010, CVE-2024-3817):\n","id":"openSUSE-SU-2025-20117-1","modified":"2025-11-27T12:27:44Z","published":"2025-11-27T12:27:44Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1227010"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232948"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234512"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235265"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237618"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239225"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239385"},{"type":"REPORT","url":"https://bugzilla.suse.com/1240466"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241724"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243633"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246151"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246730"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248897"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248937"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250625"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-3817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45337"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45338"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-51744"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11065"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21613"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21614"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22868"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22869"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22872"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-27144"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-30204"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-46569"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47291"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-53547"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58058"}],"related":["CVE-2024-3817","CVE-2024-45337","CVE-2024-45338","CVE-2024-51744","CVE-2025-11065","CVE-2025-21613","CVE-2025-21614","CVE-2025-22868","CVE-2025-22869","CVE-2025-22872","CVE-2025-27144","CVE-2025-30204","CVE-2025-46569","CVE-2025-47291","CVE-2025-53547","CVE-2025-58058"],"summary":"Security update for trivy","upstream":["CVE-2024-3817","CVE-2024-45337","CVE-2024-45338","CVE-2024-51744","CVE-2025-11065","CVE-2025-21613","CVE-2025-21614","CVE-2025-22868","CVE-2025-22869","CVE-2025-22872","CVE-2025-27144","CVE-2025-30204","CVE-2025-46569","CVE-2025-47291","CVE-2025-53547","CVE-2025-58058"]}