-= Per source details. Do not edit below this line.=-
This extension is a compromised version of the official Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and earlier uploaded to OpenVSX are non-malicious. Malicious behavior was added in v1.8.12 and further refined in v1.8.13.
The extension attempts to run various AI tools with a prompt designed to gather sensitive information, and publish it via a GitHub repository.
{
  "malicious-packages-origins": [
    {
      "sha256": "b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b",
      "source": "google-open-source-security",
      "versions": [
        "1.8.12",
        "1.8.13"
      ],
      "modified_time": "2026-03-26T04:00:51Z",
      "import_time": "2026-03-26T04:01:36.072549Z"
    }
  ]
}