Tough
This hub aggregates every CVE we track for Tough, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
0
Critical
3
High
0
In CISA KEV
Severity distribution
MEDIUM7HIGH3
Monthly trend
0
0
0
0
0
0
0
0
4
0
0
0
0
0
0
0
0
0
0
0
0
3
0
0
2024-072026-06
Latest CVEs
The 10 most recently published vulnerabilities affecting Tough.
- CVE-2026-6968Multiple Path Traversal Variants in awslabs/tough5.9
- CVE-2026-6967Missing Delegated Metadata Validation in awslabs/tough5.9
- CVE-2026-6966Signature Threshold Bypass in awslabs/tough Delegated Roles5.3
- CVE-2025-2888Improper timestamp caching during snapshot rollback in tough4.5
- CVE-2025-2887Failure to detect delegated target rollback in tough4.5
- CVE-2025-2886Terminating targets role delegations are not respected in tough4.5
- CVE-2025-2885Root metadata version not validated in tough4.5
- CVE-2021-41150Improper sanitization of delegated role names in tough8.2
- CVE-2021-41149Improper sanitization of target names in tough8.2
- CVE-2020-15093Improper verification of signature threshold in tough8.6
Product normalization is registry-driven with AI assist and human review. How it works