Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

debian

cosign

debian

Security Advisories for cosign in debian

Repackage
Moderate
about 2 years ago

Cosign malicious artifacts can cause machine-wide DoS GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e

go github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Repackage
Moderate
about 2 years ago

Cosign malicious attachments can cause system-wide denial of service GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d

go github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Repackage
Low
over 2 years ago

Cosign vulnerable to possible endless data attack from attacker-controlled registry GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S

go github.com/sigstore/cosign/v2
Repackage
Moderate
over 3 years ago

Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature GSA_kwCzR0hTQS04Z3c3LTRqNDItdzM4OM4AAu1s

go github.com/sigstore/cosign
Repackage
High
almost 4 years ago

cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists GSA_kwCzR0hTQS12anh2LTQ1ZzktOTI5Ns4AAt51

go github.com/sigstore/cosign
Repackage
Low
over 4 years ago

Improper Certificate Validation in Cosign GSA_kwCzR0hTQS1jY3hjLXZyNnAtNDg1OM0uIg

go github.com/sigstore/cosign

Filter by Severity

Moderate 3 Low 2 High 1