pkg:Go/github.com/sigstore/cosign

All known vulnerabilities

• HIGH7.1CVE-2022-35929False positive signature verification in cosign
  from 0, < 1.10.1
• HIGH7.1CVE-2022-35929False positive signature verification in cosign
  from 0, < 1.10.1
• MEDIUM5.5CVE-2026-22703Cosign verification accepts any valid Rekor entry under certain conditions
  from 0
• MEDIUM5.5Vulnerabilities with blob verification in sigstore cosign
  from 0, < 1.12.0
• MEDIUM5.5Vulnerabilities with blob verification in sigstore cosign
  from 0, < 1.12.0
• MEDIUM4.3Cosign's verify-blob-attestation reports false positive when payload parsing fails
  >= 3.0.0, < 3.0.6
• MEDIUM4.2Cosign vulnerable to machine-wide denial of service via malicious artifacts
  from 0, <= 2.2.3
• MEDIUM4.2Cosign vulnerable to machine-wide denial of service via malicious artifacts
  from 0
• MEDIUM4.2Cosign vulnerable to system-wide denial of service via malicious attachments
  from 0, <= 2.2.3
• MEDIUM4.2Cosign vulnerable to system-wide denial of service via malicious attachments
  from 0
• LOW3.7Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked
  from 0
• LOW3.7Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked
  from 0, < 3.0.5
• LOW3.3Improper Certificate Validation in Cosign
  from 0, < 1.5.2
• LOW3.3Improper Certificate Validation in Cosign
  from 0, < 1.5.2
• LOW3.1Possible endless data attack from attacker-controlled registry in cosign
  from 0
• LOW3.1Possible endless data attack from attacker-controlled registry in cosign
  from 0, < 1.13.2