Trivy Action has a script injection via sourced env file in composite action
Moderate severity
GitHub Reviewed
Published Feb 18, 2026 in aquasecurity/trivy-action • Updated Feb 19, 2026