Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go

github.com/sigstore/cosign

go

View on github.com · View on proxy.golang.org

Security Advisories for github.com/sigstore/cosign in go

Moderate
about 2 months ago

Cosign's verify-blob-attestation reports false positive when payload parsing fails GSA_kwCzR0hTQS13NmM2LWM4NWctbW12Ns4ABU3f

go github.com/sigstore/cosign
Low
3 months ago

Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped GSA_kwCzR0hTQS13ZnF2LTY2dnEtNDZybc4ABSnH

go github.com/sigstore/cosign
Moderate
about 2 years ago

Cosign malicious artifacts can cause machine-wide DoS GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e

go github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Moderate
about 2 years ago

Cosign malicious attachments can cause system-wide denial of service GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d

go github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Moderate
over 3 years ago

Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature GSA_kwCzR0hTQS04Z3c3LTRqNDItdzM4OM4AAu1s

go github.com/sigstore/cosign
High
almost 4 years ago

cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists GSA_kwCzR0hTQS12anh2LTQ1ZzktOTI5Ns4AAt51

go github.com/sigstore/cosign
Low
over 4 years ago

Improper Certificate Validation in Cosign GSA_kwCzR0hTQS1jY3hjLXZyNnAtNDg1OM0uIg

go github.com/sigstore/cosign

Filter by Severity

Moderate 4 Low 2 High 1