github.com/sigstore/gitsign Security Advisories - Go | Ecosyste.ms: Advisories

github.com/sigstore/gitsign

View on github.com · View on proxy.golang.org

Security Advisories for github.com/sigstore/gitsign in go

Low

12 months ago

gitsign may use incorrect Rekor entries during verification GSA_kwCzR0hTQS04cG1wLTY3OHctYzh4eM4ABA-V

go github.com/sigstore/gitsign

Moderate

almost 2 years ago

Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. GSA_kwCzR0hTQS14dnJjLTJ3dmgtNDl2Y84AA3Ht

go github.com/sigstore/gitsign

Filter by Severity

Moderate 1 Low 1