grype | Snyk

Direct Vulnerabilities

Known vulnerabilities in the grype package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-hfvc-g4fc-pqhx	<0.111.0-r1
H Untrusted Search Path	<0.111.0-r1
L Uncaught Exception	<0.110.0-r2
L GHSA-78h2-9frx-2jm8	<0.110.0-r2
L GHSA-gm2x-2g9h-ccm8	<0.110.0-r1
L Improper Validation of Array Index	<0.110.0-r1
L GHSA-jhf3-xxhw-2wpp	<0.110.0-r1
L Integer Underflow	<0.110.0-r1
L GHSA-p77j-4mvh-x3m3	<0.110.0-r0
L Improper Authorization	<0.110.0-r0
L GHSA-x4rx-4gw3-53p4	<0.96.1-r1
L GHSA-6v2p-p543-phr9	<0.89.0-r1
L GHSA-pwhc-rpq9-4c8w	<0.103.0-r1
M Missing Initialization of Resource	<0.96.1-r1
C CVE-2025-68121	<0.107.1-r1
L CVE-2025-22868	<0.89.0-r1
L CVE-2025-61732	<0.107.1-r1
H Incorrect Execution-Assigned Permissions	<0.103.0-r1
L GHSA-fv92-fjc5-jj9h	<0.94.0-r1
L GHSA-9763-4f94-gfch	<0.90.0-r1
L CVE-2024-34156	<0.80.1-r0
L GHSA-g9pc-8g42-g6vq	<0.91.0-r1
L CVE-2025-22871	<0.91.0-r1
L GHSA-265r-hfxg-fhmg	<0.90.0-r1
L CVE-2024-45338	<0.86.1-r1
C CVE-2026-1229	<0.109.0-r1
L Improper Certificate Validation	<0.104.1-r1
L GHSA-cgrx-mc8f-2prm	<0.103.0-r1
L GHSA-2cgq-h8xw-2v5j	<0.90.0-r1
L GHSA-3whm-j4xm-rv8x	<0.87.0-r1
L Arbitrary Argument Injection	<0.86.1-r2
L GHSA-f6x5-jh6r-wrfv	<0.104.0-r1
H Symlink Following	<0.103.0-r1
L GHSA-9h8m-3fm2-qjrq	<0.109.0-r2
L GHSA-w32m-9786-jp63	<0.86.1-r1
L GHSA-h355-32pf-p2xm	<0.107.1-r1
L GHSA-37cx-329c-33x3	<0.108.0-r0
L GHSA-crqm-pwhx-j97f	<0.80.1-r0
L CVE-2025-22866	<0.87.0-r1
L GHSA-7c64-f9jr-v9h2	<0.104.1-r1
M Memory Leak	<0.103.0-r1
M CVE-2025-11579	<0.100.0-r1
L GHSA-v725-9546-7q7m	<0.86.1-r2
L GHSA-v778-237x-gjrc	<0.86.0-r1
L CVE-2024-45337	<0.86.0-r1
L CVE-2025-8959	<0.98.0-r1
L CVE-2024-34158	<0.80.1-r0
L GHSA-wjrx-6529-hcj3	<0.98.0-r1
M Improper Validation of Integrity Check Value	<0.108.0-r0
L CVE-2025-47914	<0.104.0-r1
L GHSA-8jvr-vh7g-f8gx	<0.107.1-r1
L GHSA-j7vj-rw65-4v26	<0.80.1-r0
L Arbitrary Command Injection	<0.90.0-r1
H Integer Overflow or Wraparound	<0.90.0-r1
L GHSA-m6hq-p25p-ffr2	<0.103.0-r1
L GHSA-r9px-m959-cxf4	<0.86.1-r2
L GHSA-rwvp-r38j-9rgg	<0.100.0-r1
L GHSA-j5w8-q4qc-rx2x	<0.104.0-r1
L GHSA-q9hv-hpm4-hj6x	<0.109.0-r1
L CVE-2025-58181	<0.104.0-r1
L GHSA-8xfx-rj4p-23jm	<0.80.1-r0
L Resource Exhaustion	<0.86.1-r2
L Untrusted Search Path	<0.109.0-r2
L CVE-2024-34155	<0.80.1-r0
L CVE-2024-45310	<0.80.0-r1
L GHSA-jfvp-7x6p-h2pv	<0.80.0-r1
L GHSA-v23v-6jw2-98fq	<0.79.3-r1
L CVE-2024-41110	<0.79.3-r1
L GHSA-hw49-2p59-3mhj	<0.79.2-r1
L CVE-2024-24791	<0.79.2-r1
H CVE-2024-6257	<0.79.1-r1
L GHSA-xfhp-jf8p-mh5w	<0.79.1-r1
L GHSA-236w-p7wf-5ph8	<0.78.0-r1
L GHSA-49gw-vxvf-fc2g	<0.78.0-r1
C CVE-2024-24790	<0.78.0-r1
M CVE-2024-24789	<0.78.0-r1
L GHSA-x84c-p2g9-rqv9	<0.77.0-r1
M CVE-2024-32473	<0.77.0-r1
L GHSA-mq39-4gv4-mvpx	<0.74.7-r3
H Incorrect Resource Transfer Between Spheres	<0.74.7-r3
L GHSA-8r3f-844c-mc37	<0.74.7-r2
L CVE-2024-24786	<0.74.7-r2
L CVE-2023-45290	<0.74.7-r1
L CVE-2023-45289	<0.74.7-r1
L GHSA-fgq5-q76c-gx78	<0.74.7-r1
L CVE-2024-24784	<0.74.7-r1
L GHSA-j6m3-gc37-6r6q	<0.74.7-r1
L CVE-2024-24783	<0.74.7-r1
L GHSA-3q2c-pvp5-3cqp	<0.74.7-r1
L CVE-2024-24785	<0.74.7-r1
L GHSA-32ch-6x54-q4h9	<0.74.7-r1
L GHSA-rr6r-cfgf-gc6h	<0.74.7-r1
L GHSA-xr7r-f8xq-vfvv	<0.74.4-r1
L GHSA-hpxr-w9w7-g4gv	<0.74.4-r0
H Exposure of Resource to Wrong Sphere	<0.74.4-r1
C Directory Traversal	<0.74.4-r0
L GHSA-45x7-px36-x8w8	<0.73.4-r2
M Improper Validation of Integrity Check Value	<0.73.4-r2
L GHSA-7ww5-4wqc-m92c	<0.73.4-r2
L GHSA-qppj-fm5r-hxr3	<0.72.0-r1
H CVE-2023-44487	<0.72.0-r1

Vulnerability

Vulnerable Version

GHSA-hfvc-g4fc-pqhx

<0.111.0-r1