sigstore Cosign Vulnerabilities

Sigstore Cosign vulnerabilities.

JSON RSS CSV 🔔 Create Alert Trigger

10 January 2026

Vulnerability in Cosign Affects Container Code Signing and Transparency
CVE-2026-22703
SigstoreCosign5.5MEDIUM

10 April 2024

Cosign Patches Denial of Service Vulnerability Affecting All Services on Impacted Machines
CVE-2024-29903
SigstoreCosign7.5HIGH
Cosign Vulnerability Allows Supply-Chain Escalation, Patch Released
CVE-2024-29902
SigstoreCosign5.9MEDIUM

7 November 2023

Possible endless data attack from attacker-controlled registry in cosign
CVE-2023-46737
SigstoreCosign3.1LOW

14 September 2022

Vulnerabilities with blob verification in sigstore cosign
CVE-2022-36056
SigstoreCosign5.5MEDIUM

4 August 2022

False positive signature verification in cosign
CVE-2022-35929
SigstoreCosign7.1HIGH

18 February 2022

Improper Certificate Validation in Cosign
CVE-2022-23649
SigstoreCosign3.3LOW