Github.com/sigstore/cosign
This hub aggregates every CVE we track for Github.com/sigstore/cosign, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 7
- Critical: 0
- High: 1
- In CISA KEV: 0
Severity distribution
- LOW: 3
- MEDIUM: 3
- HIGH: 1
Monthly trend (chart covering 2024-07 to 2026-06)
Latest CVEs
The 7 most recently published vulnerabilities affecting Github.com/sigstore/cosign.
- CVE-2026-24122: Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked (3.7)
- CVE-2024-29903: Cosign vulnerable to machine-wide denial of service via malicious artifacts (4.2)
- CVE-2024-29902: Cosign vulnerable to system-wide denial of service via malicious attachments (4.2)
- CVE-2023-46737: Possible endless data attack from attacker-controlled registry in cosign (3.1)
- CVE-2022-36056: Vulnerabilities with blob verification in sigstore cosign (5.5)
- CVE-2022-35929: False positive signature verification in cosign (7.1)
- CVE-2022-23649: Improper Certificate Validation in Cosign (3.3)
Product normalization is registry-driven with AI assist and human review.