sigstore Summary
Latest vulnerabilities published by sigstore
Input Validation Flaw in Sigstore Timestamp Authority Affects Multiple Versions
CVE-2025-66564 | Sigstore | Timestamp-authority | 7.5 HIGH

Parsing Vulnerability in Fulcio Certificate Authority from Sigstore
CVE-2025-66506 | Sigstore | Fulcio | 7.5 HIGH

Insufficient Integration Time Validation in sigstore-python Prior to 3.6.0
CVE-2024-55655 | Sigstore

Invalid Signature for a Checkpoint
CVE-2024-54140 | Sigstore | Sigstore-java

Insufficient Verification for Mismatched Bundles in sigstore-java Leads to Vulnerability
CVE-2024-53267 | Sigstore | Sigstore-java | 5.5 MEDIUM

Gitsign Sigstore Vulnerability Could Lead to Signature Verification Bypass
CVE-2024-51746 | Sigstore | Gitsign

Sigstore Go Library Vulnerable to Denial of Service Attack
CVE-2024-45395 | Sigstore | Sigstore-go | 7.5 HIGH

Cosign Patches Denial of Service Vulnerability Affecting All Services on Impacted Machines
CVE-2024-29903 | Sigstore | Cosign | 7.5 HIGH

Cosign Vulnerability Allows Supply-Chain Escalation, Patch Released
CVE-2024-29902 | Sigstore | Cosign | 5.9 MEDIUM

Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.
CVE-2023-47122 | Sigstore | Gitsign | 4.2 MEDIUM

Possible endless data attack from attacker-controlled registry in cosign
CVE-2023-46737 | Sigstore | Cosign | 3.1 LOW

malformed proposed intoto v0.0.2 entries can cause a panic in Rekor
CVE-2023-33199 | sigstore | rekor | 5.3 MEDIUM

Rekor's compressed archives can result in OOM conditions
CVE-2023-30551 | Sigstore | Rekor | 7.5 HIGH

Vulnerabilities with blob verification in sigstore cosign
CVE-2022-36056 | Sigstore | Cosign | 5.5 MEDIUM

Ability to bypass attestation verification in sigstore PolicyController
CVE-2022-35930 | Sigstore | Policy-controller | 7.1 HIGH

False positive signature verification in cosign
CVE-2022-35929 | Sigstore | Cosign | 7.1 HIGH

Improper Certificate Validation in Cosign
CVE-2022-23649 | Sigstore | Cosign | 3.3 LOW
