Package impact
Go / github.com/sigstore/cosign/v2
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24122 | unknown | — | — | 3mo ago | Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign | |||
| CVE-2026-22703 | unknown | — | — | 5mo ago | Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign | |||
| CVE-2024-29903 | unknown | — | — | 2y ago | Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign | |||
| CVE-2024-29902 | unknown | — | — | 2y ago | Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign | |||
| CVE-2023-46737 | unknown | — | — | 3y ago | Denial of service attack from remote registry in github.com/sigstore/cosign |