grype | Snyk

Direct Vulnerabilities

Known vulnerabilities in the grype package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Incorrect Type Conversion or Cast	<0.112.0-r6
L Integer Overflow or Wraparound	<0.112.0-r6
L CVE-2026-39830	<0.112.0-r6
L CVE-2026-39831	<0.112.0-r6
L Improper Enforcement of Message Integrity During Transmission in a Communication Channel	<0.112.0-r6
L Deserialization of Untrusted Data	<0.112.0-r6
L CVE-2026-39829	<0.112.0-r6
L Improper Certificate Validation	<0.112.0-r6
L GHSA-fqw6-gf59-qr4w	<0.112.0-r4
L CVE-2026-46680	<0.112.0-r4
L Improper Encoding or Escaping of Output	<0.112.0-r3
L GHSA-m7cr-m3pv-hgrp	<0.112.0-r3
L Directory Traversal	<0.112.0-r3
L GHSA-crhj-59gh-8x96	<0.112.0-r3
L GHSA-389r-gv7p-r3rp	<0.112.0-r2
L Incorrect Behavior Order: Validate Before Canonicalize	<0.112.0-r2
H Insufficiently Protected Credentials	<0.111.0-r4
L GHSA-3xc5-wrhm-f963	<0.111.0-r4
L GHSA-xmrv-pmrh-hhx2	<0.111.0-r3
L CVE-2026-4660	<0.111.0-r3
L GHSA-92mm-2pjq-r785	<0.111.0-r3
L GHSA-hfvc-g4fc-pqhx	<0.111.0-r1
H Untrusted Search Path	<0.111.0-r1
L Uncaught Exception	<0.110.0-r2
L GHSA-78h2-9frx-2jm8	<0.110.0-r2
L GHSA-gm2x-2g9h-ccm8	<0.110.0-r1
L Improper Validation of Array Index	<0.110.0-r1
L GHSA-jhf3-xxhw-2wpp	<0.110.0-r1
L Integer Underflow	<0.110.0-r1
L GHSA-p77j-4mvh-x3m3	<0.110.0-r0
L Improper Authorization	<0.110.0-r0
L GHSA-x4rx-4gw3-53p4	<0.96.1-r1
L GHSA-6v2p-p543-phr9	<0.89.0-r1
L GHSA-pwhc-rpq9-4c8w	<0.103.0-r1
M Missing Initialization of Resource	<0.96.1-r1
C CVE-2025-68121	<0.107.1-r1
L CVE-2025-22868	<0.89.0-r1
L CVE-2025-61732	<0.107.1-r1
H Incorrect Execution-Assigned Permissions	<0.103.0-r1
L GHSA-fv92-fjc5-jj9h	<0.94.0-r1
L GHSA-9763-4f94-gfch	<0.90.0-r1
L CVE-2024-34156	<0.80.1-r0
L GHSA-g9pc-8g42-g6vq	<0.91.0-r1
L CVE-2025-22871	<0.91.0-r1
L GHSA-265r-hfxg-fhmg	<0.90.0-r1
L CVE-2024-45338	<0.86.1-r1
C CVE-2026-1229	<0.109.0-r1
L Improper Certificate Validation	<0.104.1-r1
L GHSA-cgrx-mc8f-2prm	<0.103.0-r1
L GHSA-2cgq-h8xw-2v5j	<0.90.0-r1
L GHSA-3whm-j4xm-rv8x	<0.87.0-r1
L Arbitrary Argument Injection	<0.86.1-r2
L GHSA-f6x5-jh6r-wrfv	<0.104.0-r1
H Symlink Following	<0.103.0-r1
L GHSA-9h8m-3fm2-qjrq	<0.109.0-r2
L GHSA-w32m-9786-jp63	<0.86.1-r1
L GHSA-h355-32pf-p2xm	<0.107.1-r1
L GHSA-37cx-329c-33x3	<0.108.0-r0
L GHSA-crqm-pwhx-j97f	<0.80.1-r0
L CVE-2025-22866	<0.87.0-r1
L GHSA-7c64-f9jr-v9h2	<0.104.1-r1
M Memory Leak	<0.103.0-r1
M CVE-2025-11579	<0.100.0-r1
L GHSA-v725-9546-7q7m	<0.86.1-r2
L GHSA-v778-237x-gjrc	<0.86.0-r1
L CVE-2024-45337	<0.86.0-r1
L CVE-2025-8959	<0.98.0-r1
L CVE-2024-34158	<0.80.1-r0
L GHSA-wjrx-6529-hcj3	<0.98.0-r1
M Improper Validation of Integrity Check Value	<0.108.0-r0
L CVE-2025-47914	<0.104.0-r1
L GHSA-8jvr-vh7g-f8gx	<0.107.1-r1
L GHSA-j7vj-rw65-4v26	<0.80.1-r0
L Arbitrary Command Injection	<0.90.0-r1
H Integer Overflow or Wraparound	<0.90.0-r1
L GHSA-m6hq-p25p-ffr2	<0.103.0-r1
L GHSA-r9px-m959-cxf4	<0.86.1-r2
L GHSA-rwvp-r38j-9rgg	<0.100.0-r1
L GHSA-j5w8-q4qc-rx2x	<0.104.0-r1
L GHSA-q9hv-hpm4-hj6x	<0.109.0-r1
L CVE-2025-58181	<0.104.0-r1
L GHSA-8xfx-rj4p-23jm	<0.80.1-r0
L Resource Exhaustion	<0.86.1-r2
L Untrusted Search Path	<0.109.0-r2
L CVE-2024-34155	<0.80.1-r0
L CVE-2024-45310	<0.80.0-r1
L CVE-2024-41110	<0.79.3-r1
L CVE-2024-24791	<0.79.2-r1
H CVE-2024-6257	<0.79.1-r1
C CVE-2024-24790	<0.78.0-r1
M CVE-2024-24789	<0.78.0-r1
M CVE-2024-32473	<0.77.0-r1
H Incorrect Resource Transfer Between Spheres	<0.74.7-r3
L CVE-2024-24786	<0.74.7-r2
L CVE-2023-45290	<0.74.7-r1
L CVE-2023-45289	<0.74.7-r1
L CVE-2024-24784	<0.74.7-r1
L CVE-2024-24783	<0.74.7-r1
L CVE-2024-24785	<0.74.7-r1
H Exposure of Resource to Wrong Sphere	<0.74.4-r1
C Directory Traversal	<0.74.4-r0
M Improper Validation of Integrity Check Value	<0.73.4-r2
H CVE-2023-44487	<0.72.0-r1

Vulnerability

Vulnerable Version

Incorrect Type Conversion or Cast

<0.112.0-r6