Package impact
GO / github.com/sigstore/gitsign
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44310 | medium | 5.4 | 5.4 | | | | 14d ago | gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers |
| CVE-2026-44309 | medium | 5.3 | 5.3 | | | | 14d ago | gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits |