| CVE-2026-39395 |
unknown |
— |
— |
|
|
|
2mo ago |
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with… |
| CVE-2026-24122 |
unknown |
— |
— |
|
|
|
4mo ago |
Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be conside… |
| CVE-2026-22703 |
unknown |
— |
— |
|
|
|
5mo ago |
Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Reko… |
| CVE-2024-29903 |
unknown |
— |
— |
|
|
|
2y ago |
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign the… |
| CVE-2024-29902 |
unknown |
— |
— |
|
|
|
2y ago |
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running C… |
| CVE-2023-46737 |
unknown |
— |
— |
|
|
|
3y ago |
Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high num… |
| CVE-2022-36056 |
unknown |
— |
— |
|
|
|
4y ago |
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-bl… |
| CVE-2022-35929 |
unknown |
— |
— |
|
|
|
4y ago |
cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` fl… |
| CVE-2022-23649 |
unknown |
— |
— |
|
|
|
4y ago |
Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exis… |
