| CVE-2026-24686 |
unknown |
— |
— |
|
|
|
4mo ago |
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (`repoName`) as a filesystem path component when selecting the lo… |
| CVE-2026-23992 |
unknown |
— |
— |
|
|
|
4mo ago |
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signa… |
| CVE-2026-23991 |
unknown |
— |
— |
|
|
|
4mo ago |
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (val… |
| CVE-2024-47534 |
unknown |
— |
— |
|
|
|
2y ago |
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", th… |