| CVE-2026-6967 |
medium |
6.5 |
6.5 |
|
|
|
1mo ago |
awslabs/tough is Missing Delegated Metadata Validation |
| CVE-2026-6966 |
medium |
6.5 |
6.5 |
|
|
|
1mo ago |
awslabs/tough Delegated Roles have a Signature Threshold Bypass |
| CVE-2025-2886 |
unknown |
— |
— |
|
|
|
1y ago |
tough terminating targets role delegations are not respected |
| CVE-2025-2885 |
unknown |
— |
— |
|
|
|
1y ago |
tough root metadata version is not checked for sequential versioning |
| CVE-2025-2888 |
unknown |
— |
— |
|
|
|
1y ago |
tough timestamp metadata is cached when it fails snapshot rollback check |
| CVE-2025-2887 |
unknown |
— |
— |
|
|
|
1y ago |
tough failure to detect delegated target rollback |
| CVE-2021-41150 |
unknown |
— |
— |
|
|
|
5y ago |
Improper sanitization of delegated role names |
| CVE-2021-41149 |
unknown |
— |
— |
|
|
|
5y ago |
Improper sanitization of target names |
| CVE-2020-15093 |
unknown |
— |
— |
|
|
|
6y ago |
Improper uniqueness verification of signature threshold |
