Socket
Book a DemoSign in
Socket
Book a DemoSign in

Trivy Github Actions Compromise

A supply chain attack has compromised the official aquasecurity/trivy-action repository, marking the second Trivy-related incident in March following an earlier OpenVSX compromise of the Aqua Trivy VS Code extension. The threat-actor force-pushed 75 out of 76 version tags, replacing legitimate references with a malicious payload designed to harvest secrets inside GitHub Actions runners, including SSH keys, cloud credentials across AWS, GCP, and Azure, and Kubernetes service account tokens. With over 10,000 workflow files referencing this action, the blast radius is significant, and the compromised tags remain live at time of writing.

Ecosystems:

actions
Public
Ongoing
First discovered
3/18/2026
Last activity
3/18/2026
Affected Package Artifacts
82
Package Artifacts Last 7 Days
82
100%
vs previous 7 days

Campaign Coverage

Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets

Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

By Philipp Burckhardt  -  Mar 20, 2026

Affected packages

Package ArtifactPublishedDetected

actions aquasecurity/trivy-action c19401b2f58dc6d2632cb473d44be98dd8292a93

-3/19/2026, 7:28:57 PM

actions aquasecurity/trivy-action 1d74e4cf63b7cf083cf92bf5923cf037f7011c6b

-3/19/2026, 7:28:50 PM

actions aquasecurity/trivy-action cf1692a1fc7a47120e6508309765db7e33477946

-3/19/2026, 7:28:43 PM

actions aquasecurity/trivy-action 85cb72f1e8ee5e6e44488cd6cbdbca94722f96ed

-3/19/2026, 7:28:43 PM

actions aquasecurity/trivy-action fd090040b5f584f4fcbe466878cb204d0735dcf4

-3/19/2026, 7:28:38 PM

actions aquasecurity/trivy-action 3d1b5be1589a83fc98b82781c263708b2eb3b47b

-3/19/2026, 7:28:31 PM

actions aquasecurity/trivy-action 985447b035c447c1ed45f38fad7ca7a4254cb668

-3/19/2026, 7:28:19 PM

actions aquasecurity/trivy-action 3201ddddd69a1419c6f1511a14c5945ba3217126

-3/19/2026, 7:27:37 PM

actions aquasecurity/trivy-action 9738180dd24427b8824445dbbc23c30ffc1cb0d8

-3/19/2026, 7:27:37 PM

actions aquasecurity/trivy-action e0198fd2b6e1679e36d32933941182d9afa82f6f

-3/19/2026, 7:27:34 PM

actions aquasecurity/trivy-action 9ba3c3cd3b23d033cd91253a9e61a4bf59c8a670

-3/19/2026, 7:27:30 PM

actions aquasecurity/trivy-action 794b6d99daefd5e27ecb33e12691c4026739bf98

-3/19/2026, 7:27:25 PM

actions aquasecurity/trivy-action 8aa8af3ea1de8e968a3e49a40afb063692ab8eae

-3/19/2026, 7:27:24 PM

actions aquasecurity/trivy-action 91d5e0a13afab54533a95f8019dd7530bd38a071

-3/19/2026, 7:27:23 PM

actions aquasecurity/trivy-action a5b4818debf2adbaba872aaffd6a0f64a26449fa

-3/19/2026, 7:27:20 PM

actions aquasecurity/trivy-action ab6606b76e5a054be08cab3d07da323e90e751e8

-3/19/2026, 7:27:14 PM

actions aquasecurity/trivy-action e53b0483d08da44da9dfe8a84bf2837e5163699b

-3/19/2026, 7:27:13 PM

actions aquasecurity/trivy-action b9faa60f85f6f780a34b8d0faaf45b3e3966fdda

-3/19/2026, 7:27:12 PM

actions aquasecurity/trivy-action 6fc874a1f9d65052d4c67a314da1dae914f1daff

-3/19/2026, 7:27:03 PM

actions aquasecurity/trivy-action cf19d27c8a7fb7a8bbf1e1000e9318749bcd82cf

-3/19/2026, 7:27:03 PM

actions aquasecurity/trivy-action ef3a510e3f94df3ea9fcd01621155ca5f2c3bf5b

-3/19/2026, 7:27:03 PM

actions aquasecurity/trivy-action 6ec7aaf336b7d2593d980908be9bc4fed6d407c6

-3/19/2026, 7:26:34 PM

actions aquasecurity/trivy-action da73ae0790e458e878b300b57ceb5f81ac573b46

-3/19/2026, 7:26:33 PM

actions aquasecurity/trivy-action 7550f14b64c1c724035a075b36e71423719a1f30

-3/19/2026, 7:26:31 PM

actions aquasecurity/trivy-action 0d49ceb356f7d4735c63bd0d5c7e67665ec7f80c

-3/19/2026, 7:26:23 PM

actions aquasecurity/trivy-action aa3c46a9643b18125abb8aefc13219014e9c4be8

-3/19/2026, 7:26:21 PM

actions aquasecurity/trivy-action ea56cd31d82b853932d50f1144e95b21817e52cf

-3/19/2026, 7:26:20 PM

actions aquasecurity/trivy-action 276ca9680f6df9016db12f7c48571e5c4639451d

-3/19/2026, 7:26:18 PM

actions aquasecurity/trivy-action 405e91f329294fb696f55793203abf1f6aba9b40

-3/19/2026, 7:26:07 PM

actions aquasecurity/trivy-action 506d7ff06abc509692c600b5b69b4dc6ceaa4b15

-3/19/2026, 7:26:04 PM

actions aquasecurity/trivy-action 22e864e71155122e2834eb0c10d0e7e0b8f65aa3

-3/19/2026, 7:19:50 PM

actions aquasecurity/trivy-action 252554b0e1130467f4301ba65c55a9c373508e35

-3/19/2026, 7:19:37 PM

actions aquasecurity/trivy-action f77738448eec70113cf711656914b61905b3bd47

-3/19/2026, 7:19:23 PM

actions aquasecurity/trivy-action 820428afeb64484d311211658383ce7f79d31a0a

-3/19/2026, 7:18:18 PM

actions aquasecurity/trivy-action 555e7ad4c895c558c7214496df1cd56d1390c516

-3/19/2026, 7:18:04 PM

actions aquasecurity/trivy-action 2297a1b967ecc05ba2285eb6af56ab4da554ecae

-3/19/2026, 7:18:04 PM

actions aquasecurity/trivy-action c5967f85626795f647d4bf6eb67227f9b79e02f5

-3/19/2026, 7:17:51 PM

actions aquasecurity/trivy-action b745a35bad072d93a9b83080e9920ec52c6b5a27

-3/19/2026, 7:17:51 PM

actions aquasecurity/trivy-action 38623bf26706d51c45647909dcfb669825442804

-3/19/2026, 7:17:50 PM

actions aquasecurity/trivy-action 9e8968cb83234f0de0217aa8c934a68a317ee518

-3/19/2026, 7:17:37 PM

actions aquasecurity/trivy-action 9c000ba9d482773cbbc2c3544d61b109bc9eb832

-3/19/2026, 7:17:36 PM

actions aquasecurity/trivy-action 91e7c2c36dcad14149d8e455b960af62a2ffb275

-3/19/2026, 7:17:36 PM

actions aquasecurity/trivy-action 4bdcc5d9ef3ddb42ccc9126e6c07faa3df2807e3

-3/19/2026, 7:17:35 PM

actions aquasecurity/trivy-action 2a51c5c5bb1fd1f0e134c9754f1702cfa359c3dd

-3/19/2026, 7:17:24 PM

actions aquasecurity/trivy-action 8ae5a08aec3013ee8f6132b2a9012b45002f8eaa

-3/19/2026, 7:17:23 PM

actions aquasecurity/trivy-action fd429cf86db999572f3d9ca7c54561fdf7d388a4

-3/19/2026, 7:17:21 PM

actions aquasecurity/trivy-action 66c90331c8b991e7895d37796ac712b5895dda3b

-3/19/2026, 7:17:20 PM

actions aquasecurity/trivy-action 2b1dac84ff12ba56158b3a97e2941a587cb20da9

-3/19/2026, 7:17:09 PM

actions aquasecurity/trivy-action fa4209b6182a4c1609ce34d40b67f5cfd7f00f53

-3/19/2026, 7:17:08 PM

actions aquasecurity/trivy-action b7252377a3d82c73d497bfafa3eabe84de1d02c4

-3/19/2026, 7:17:06 PM

actions aquasecurity/trivy-action ddb94181dcbc723d96ffc07fddd14d97e4849016

-3/19/2026, 7:17:02 PM

actions aquasecurity/trivy-action ad623e14ebdfe82b9627811d57b9a39e283d6128

-3/19/2026, 7:16:53 PM

actions aquasecurity/trivy-action 848d665ed24dc1a41f6b4b7c7ffac7693d6b37be

-3/19/2026, 7:16:53 PM

actions aquasecurity/trivy-action ddb6697447a97198bdef9bae00215059eb5e8bc2

-3/19/2026, 7:16:52 PM

actions aquasecurity/trivy-action 3dffed04dc90cf1c548f40577d642c52241ec76c

-3/19/2026, 7:16:52 PM

actions aquasecurity/trivy-action 7f6f0ce52a59bdfc5757c3982aac2353b58f4c73

-3/19/2026, 7:16:46 PM

actions aquasecurity/trivy-action 19851bef764b57ff95b35e66589f31949eeb229d

-3/19/2026, 7:16:38 PM

actions aquasecurity/trivy-action b7befdc106c600585d3eec87d7e98e1c136839ae

-3/19/2026, 7:16:38 PM

actions aquasecurity/trivy-action 61fbe20b7589e6b61eedcd5fe1e958e1a95fbd13

-3/19/2026, 7:16:37 PM

actions aquasecurity/trivy-action fa78e67c0df002c509bcdea88677fb5e2fe6a9b1

-3/19/2026, 7:16:36 PM

actions aquasecurity/trivy-action 7b955a5ece1e1b085c12dac7ac10e0eb1f5b0d4d

-3/19/2026, 7:16:31 PM

actions aquasecurity/trivy-action 9092287c0339a8102f91c5a257a7e27625d9d029

-3/19/2026, 7:16:24 PM

actions aquasecurity/trivy-action 8519037888b189f13047371758f7aed2283c6b58

-3/19/2026, 7:16:20 PM

actions aquasecurity/trivy-action 8cfb9c31cc944da57458555aa398bb99336d5a1f

-3/19/2026, 7:16:20 PM

actions aquasecurity/trivy-action a9bc513ea7989e3234b395cafb8ed5ccc3755636

-3/19/2026, 7:16:19 PM

actions aquasecurity/trivy-action 3c615ac0f29e743eda8863377f9776619fd2db76

-3/19/2026, 7:16:13 PM

actions aquasecurity/trivy-action d488f4388ff4aa268906e25c2144f1433a4edec2

-3/19/2026, 7:16:05 PM

actions aquasecurity/trivy-action bb75a9059c2d5803db49e6ed6c6f7e0b367f96be

-3/19/2026, 7:16:02 PM

actions aquasecurity/trivy-action f5c9fd927027beaa3760d2a84daa8b00e6e5ee21

-3/19/2026, 7:16:01 PM

actions aquasecurity/trivy-action 18f01febc4c3cd70ce6b94b70e69ab866fc033f5

-3/19/2026, 7:16:01 PM

actions aquasecurity/trivy-action 4209dcadeaea6a7df69262fef1beeda940881d4d

-3/19/2026, 7:15:54 PM

actions aquasecurity/trivy-action 0891663bc55073747be0eb864fbec3727840945d

-3/19/2026, 7:15:41 PM

actions aquasecurity/trivy-action f4f1785be270ae13f36f6a8cfbf6faaae50e660a

-3/19/2026, 7:15:41 PM

actions aquasecurity/trivy-action 2e7964d59cd24d1fd2aa4d6a5f93b7f09ea96947

-3/19/2026, 7:15:41 PM

actions aquasecurity/trivy-action ddb9da4475c1cef7d5389062bdfdfbdbd1394648

-3/19/2026, 7:15:39 PM

actions aquasecurity/setup-trivy 8afa9b9f9183b4e00c46e2b82d34047e3c177bd0

-3/19/2026, 7:14:09 PM

actions aquasecurity/setup-trivy f4436225d8a5fd1715d3c2290d8a50643e726031

-3/19/2026, 7:14:08 PM

actions aquasecurity/setup-trivy 99b93c070aac11b52dfc3e41a55cbb24a331ae75

-3/19/2026, 7:14:07 PM

actions aquasecurity/setup-trivy 384add36b52014a0f99c0ab3a3d58bd47e53d00f

-3/19/2026, 7:14:03 PM

actions aquasecurity/setup-trivy 386c0f18ac3d7f2ed33e2d884761119f4024ff8a

-3/19/2026, 7:14:02 PM

actions aquasecurity/setup-trivy 6d8d730153d6151e03549f276faca0275ed9c7b2

-3/19/2026, 7:14:00 PM

actions aquasecurity/setup-trivy 7a4b6f31edb8db48cc22a1d41e298b38c4a6417e

-3/19/2026, 7:14:00 PM

Showing 82 of 82

SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore crates.io
Explore Chrome Web Store
Explore Packagist
Explore Go Modules
Explore Hugging Face Hub
Explore Maven Central
Explore NuGet
Explore Open VSX
Explore PyPI
Explore RubyGems.org

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.