Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go

github.com/sigstore/cosign

go

View on github.com · View on proxy.golang.org

Security Advisories for github.com/sigstore/cosign in go

Moderate
over 1 year ago

Cosign malicious artifacts can cause machine-wide DoS GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e

go github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Moderate
over 1 year ago

Cosign malicious attachments can cause system-wide denial of service GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d

go github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Moderate
about 3 years ago

Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature GSA_kwCzR0hTQS04Z3c3LTRqNDItdzM4OM4AAu1s

go github.com/sigstore/cosign
High
about 3 years ago

cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists GSA_kwCzR0hTQS12anh2LTQ1ZzktOTI5Ns4AAt51

go github.com/sigstore/cosign
Low
over 3 years ago

Improper Certificate Validation in Cosign GSA_kwCzR0hTQS1jY3hjLXZyNnAtNDg1OM0uIg

go github.com/sigstore/cosign

Filter by Severity

Moderate 3 Low 1 High 1