Merge pull request #2473 from IABTechLab/bmz-UID2-6864-upgrade-libpng

BehnamMozafari · web-flow · commit 4f7d21039321 · 2026-04-02T08:28:09.000+11:00
UID2-6837: Silence CVE-2026-33416 and CVE-2026-33636 (libpng) in .trivyignore
diff --git a/.trivyignore b/.trivyignore
@@ -33,4 +33,9 @@ CVE-2026-32776 exp:2026-04-25
 # Trivy reports CVE-2026-32776 with transposed digits (32767 instead of 32776) - this is a known Trivy bug
 # See: https://github.com/aquasecurity/trivy/discussions/10412 and UID2-6806
 # This entry can be removed once Trivy fixes the typo
-CVE-2026-32767 exp:2026-04-25
+CVE-2026-32767 exp:2026-04-25
+
+# libpng use-after-free and OOB read/write in Alpine base image - not used by our Java services
+# See: UID2-6837
+CVE-2026-33416 exp:2026-05-01
+CVE-2026-33636 exp:2026-05-01
