Package impact
Go / github.com/sigstore/cosign/v3
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24122 | unknown | — | — | 3mo ago | Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign | |||
| CVE-2026-22703 | unknown | — | — | 5mo ago | Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign |