grype | Snyk

Direct Vulnerabilities

Known vulnerabilities in the grype package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Insufficiently Protected Credentials	<0.111.0-r4
L GHSA-3xc5-wrhm-f963	<0.111.0-r4
L GHSA-xmrv-pmrh-hhx2	<0.111.0-r3
L CVE-2026-4660	<0.111.0-r3
L GHSA-92mm-2pjq-r785	<0.111.0-r3
H Untrusted Search Path	<0.111.0-r1
L GHSA-hfvc-g4fc-pqhx	<0.111.0-r1
L Uncaught Exception	<0.110.0-r2
L GHSA-78h2-9frx-2jm8	<0.110.0-r2
L GHSA-jhf3-xxhw-2wpp	<0.110.0-r1
L GHSA-gm2x-2g9h-ccm8	<0.110.0-r1
L Integer Underflow	<0.110.0-r1
L Improper Validation of Array Index	<0.110.0-r1
L GHSA-p77j-4mvh-x3m3	<0.110.0-r0
L Improper Authorization	<0.110.0-r0
L Untrusted Search Path	<0.109.0-r2
L GHSA-9h8m-3fm2-qjrq	<0.109.0-r2
L GHSA-q9hv-hpm4-hj6x	<0.109.0-r1
C CVE-2026-1229	<0.109.0-r1
L CVE-2025-61732	<0.107.1-r1
L GHSA-h355-32pf-p2xm	<0.107.1-r1
M Improper Validation of Integrity Check Value	<0.108.0-r0
L GHSA-37cx-329c-33x3	<0.108.0-r0
L GHSA-8jvr-vh7g-f8gx	<0.107.1-r1
C CVE-2025-68121	<0.107.1-r1
L GHSA-pwhc-rpq9-4c8w	<0.103.0-r1
L GHSA-6v2p-p543-phr9	<0.89.0-r1
L GHSA-m6hq-p25p-ffr2	<0.103.0-r1
H Incorrect Execution-Assigned Permissions	<0.103.0-r1
M Memory Leak	<0.103.0-r1
L GHSA-7c64-f9jr-v9h2	<0.104.1-r1
L Improper Certificate Validation	<0.104.1-r1
L GHSA-j5w8-q4qc-rx2x	<0.104.0-r1
L GHSA-f6x5-jh6r-wrfv	<0.104.0-r1
L CVE-2025-58181	<0.104.0-r1
L CVE-2025-47914	<0.104.0-r1
H Symlink Following	<0.103.0-r1
M CVE-2025-11579	<0.100.0-r1
L CVE-2025-8959	<0.98.0-r1
M Missing Initialization of Resource	<0.96.1-r1
L CVE-2025-22871	<0.91.0-r1
L Arbitrary Command Injection	<0.90.0-r1
H Integer Overflow or Wraparound	<0.90.0-r1
L CVE-2025-22868	<0.89.0-r1
L CVE-2025-22866	<0.87.0-r1
L Arbitrary Argument Injection	<0.86.1-r2
L Resource Exhaustion	<0.86.1-r2
L CVE-2024-45338	<0.86.1-r1
L CVE-2024-45337	<0.86.0-r1
L CVE-2024-34156	<0.80.1-r0
L CVE-2024-34155	<0.80.1-r0
L CVE-2024-34158	<0.80.1-r0
L CVE-2024-45310	<0.80.0-r1
L CVE-2024-41110	<0.79.3-r1
L CVE-2024-24791	<0.79.2-r1
H CVE-2024-6257	<0.79.1-r1
C CVE-2024-24790	<0.78.0-r1
M CVE-2024-24789	<0.78.0-r1
M CVE-2024-32473	<0.77.0-r1
H Incorrect Resource Transfer Between Spheres	<0.74.7-r3
L CVE-2024-24786	<0.74.7-r2
L CVE-2024-24784	<0.74.7-r1
L CVE-2023-45290	<0.74.7-r1
L CVE-2023-45289	<0.74.7-r1
L CVE-2024-24783	<0.74.7-r1
L CVE-2024-24785	<0.74.7-r1
H Exposure of Resource to Wrong Sphere	<0.74.4-r1
C Directory Traversal	<0.74.4-r0
M Improper Validation of Integrity Check Value	<0.73.4-r2
H CVE-2023-44487	<0.72.0-r1

Vulnerability

Vulnerable Version

Insufficiently Protected Credentials

<0.111.0-r4