On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious commits.
On March 22, 2026, a threat actor used compromised credentials to publish malicious Trivy v0.69.5 and v0.69.6 DockerHub images.

| Component | Start (UTC) | End (UTC) | Duration |
| ------------- | ---------------------- | ----------------- | --------- |
| trivy v0.69.4 | 2026-03-19 18:22 [^1] | 2026-03-19 ~21:42 | ~3 hours |
| trivy-action | 2026-03-19 ~17:43 [^2] | 2026-03-20 ~05:40 | ~12 hours |
| setup-trivy | 2026-03-19 ~17:43 [^2] | 2026-03-19 ~21:44 | ~4 hours |
| dockerhub trivy images v0.69.5 and v0.69.6 | 2026-03-22 15:43 | 2026-03-23 ~01:40 | ~10 hours |

[^1]: Time when v0.69.4 release artifacts became publicly available. The malicious tag was pushed at ~17:43 UTC, triggering the release pipeline.
[^2]: Earliest suspicious activity observed in our audit log.

Note that all malicious components, artifacts, commits, etc. have been removed from all sources and destinations (yet they may linger in intermediary caches). Use this information to determine whether you were exposed to the malicious artifacts during the exposure window.
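One way to apply the table above to your own CI history, as an added example that is not part of the advisory: it flags runs whose execution interval overlaps a component's exposure window. The record fields, the sample runs and the 15-minute margin for the times marked "~" are assumptions, and a clean result says nothing about copies served from intermediary caches.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def _utc(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=UTC)

# Exposure windows copied from the advisory table (UTC); "~" times are approximate.
WINDOWS = {
    "trivy v0.69.4": (_utc("2026-03-19 18:22"), _utc("2026-03-19 21:42")),
    "trivy-action": (_utc("2026-03-19 17:43"), _utc("2026-03-20 05:40")),
    "setup-trivy": (_utc("2026-03-19 17:43"), _utc("2026-03-19 21:44")),
    "dockerhub v0.69.5/v0.69.6": (_utc("2026-03-22 15:43"), _utc("2026-03-23 01:40")),
}

def parse_ts(text):
    """Parse an ISO 8601 timestamp; refuse naive values, since the windows are UTC."""
    ts = datetime.fromisoformat(text.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError(f"timestamp without UTC offset: {text!r}")
    return ts.astimezone(UTC)

def exposed(component, started, finished, margin=timedelta(minutes=15)):
    """True if the run interval overlaps the component's window widened by margin."""
    lo, hi = WINDOWS[component]
    return started <= hi + margin and finished >= lo - margin

def triage(runs, margin=timedelta(minutes=15)):
    """Return the ids of runs that may have pulled a malicious artifact."""
    return [r["id"] for r in runs
            if exposed(r["component"], parse_ts(r["started"]),
                       parse_ts(r["finished"]), margin)]

# Constructed sample records (hypothetical CI export, not real data).
SAMPLE_RUNS = [
    {"id": "run-1", "component": "trivy-action",
     "started": "2026-03-19T17:30:00Z", "finished": "2026-03-19T17:50:00Z"},
    {"id": "run-2", "component": "setup-trivy",
     "started": "2026-03-19T23:00:00+00:00", "finished": "2026-03-19T23:05:00+00:00"},
    {"id": "run-3", "component": "trivy-action",  # local offset, 05:30 UTC
     "started": "2026-03-20T06:30:00+01:00", "finished": "2026-03-20T06:35:00+01:00"},
    {"id": "run-4", "component": "dockerhub v0.69.5/v0.69.6",  # inside margin only
     "started": "2026-03-23T01:50:00Z", "finished": "2026-03-23T01:52:00Z"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_RUNS))
```
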

trivy binary and image

You are affected if you used:

You are not affected if you used:

CVSS v4.0 score: 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)