aquasecurityofficial.trivy-vulnerability-scanner @1.8.13
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-2230
Ecosystem: vscode
Summary
This extension is a compromised version of the official Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and earlier uploaded to OpenVSX are non-malicious. Malicious behavior was added in v1.8.12 and further refined in v1.8.13. The extension attempts to run various AI tools with a prompt designed to gather sensitive information and publish it via a GitHub repository.
Source: google-open-source-security (b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b)