from 0, < 1.10.1
MEDIUM 5.5 CVE-2026-22703 Cosign verification accepts any valid Rekor entry under certain conditions
from 0, < 2.6.2, >= 3.0.0, < 3.0.4
MEDIUM 5.5 CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
from 0, < 1.12.0
MEDIUM 4.3 Cosign's verify-blob-attestation reports false positive when payload parsing fails
from 0, < 2.6.3, >= 3.0.0, < 3.0.6
MEDIUM 4.2 Cosign vulnerable to machine-wide denial of service via malicious artifacts
from 0, < 2.2.4
MEDIUM 4.2 Cosign vulnerable to system-wide denial of service via malicious attachments
from 0, < 2.2.4
LOW 3.7 Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked
from 0, < 3.0.5
LOW 3.3 Improper Certificate Validation in Cosign
from 0, < 1.5.2
LOW 3.1 Possible endless data attack from attacker-controlled registry in cosign
from 0, < 2.2.1