Github.com/sigstore/cosign/v2
This hub aggregates every CVE we track for Github.com/sigstore/cosign/v2, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 4
- Critical: 0
- High: 0
- In CISA KEV: 0

Severity distribution
- MEDIUM: 3
- LOW: 1

Monthly trend (chart, 2024-07 to 2026-06)

Latest CVEs
The 4 most recently published vulnerabilities affecting Github.com/sigstore/cosign/v2.
- CVE-2026-22703: Cosign verification accepts any valid Rekor entry under certain conditions (5.5)
- CVE-2024-29903: Cosign vulnerable to machine-wide denial of service via malicious artifacts (4.2)
- CVE-2024-29902: Cosign vulnerable to system-wide denial of service via malicious attachments (4.2)
- CVE-2023-46737: Possible endless data attack from attacker-controlled registry in cosign (3.1)
Product normalization is registry-driven with AI assist and human review.