| CVE-2026-39395 |
unknown |
— |
— |
|
|
|
2mo ago |
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with… |
| CVE-2026-24122 |
unknown |
— |
— |
|
|
|
3mo ago |
Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign |
| CVE-2026-22703 |
unknown |
— |
— |
|
|
|
5mo ago |
Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign |
| CVE-2024-29903 |
unknown |
— |
— |
|
|
|
2y ago |
Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign |
| CVE-2024-29902 |
unknown |
— |
— |
|
|
|
2y ago |
Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign |
| CVE-2023-46737 |
unknown |
— |
— |
|
|
|
3y ago |
Denial of service attack from remote registry in github.com/sigstore/cosign |
| CVE-2022-36056 |
unknown |
— |
— |
|
|
|
4y ago |
Improper blob verification in github.com/sigstore/cosign |
| CVE-2022-35929 |
unknown |
— |
— |
|
|
|
4y ago |
Improper verification of signature attestations in github.com/sigstore/cosign |
| CVE-2022-23649 |
unknown |
— |
— |
|
|
|
4y ago |
Improper certificate validation in github.com/sigstore/cosign |