pkg:Go/github.com/sigstore/cosign/v2

9 total CVEsMEDIUM6LOW3

✅ Check your installed version

All known vulnerabilities

  • MEDIUM5.5CVE-2026-22703Cosign verification accepts any valid Rekor entry under certain conditions
    from 0, < 2.6.2
  • MEDIUM5.5CVE-2026-22703Cosign verification accepts any valid Rekor entry under certain conditions
    from 0, < 2.6.2
  • MEDIUM4.2CVE-2024-29903Cosign malicious artifacts can cause machine-wide DoS
    from 0, < 2.2.4
  • MEDIUM4.2CVE-2024-29903Cosign malicious artifacts can cause machine-wide DoS
    from 0, < 2.2.4
  • MEDIUM4.2CVE-2024-29902Cosign malicious attachments can cause system-wide denial of service
    from 0, < 2.2.4
  • MEDIUM4.2CVE-2024-29902Cosign malicious attachments can cause system-wide denial of service
    from 0, < 2.2.4
  • LOW3.7CVE-2026-24122Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked
    from 0
  • LOW3.1CVE-2023-46737Cosign vulnerable to possible endless data attack from attacker-controlled registry
    from 0, < 2.2.1
  • LOW3.1CVE-2023-46737Cosign vulnerable to possible endless data attack from attacker-controlled registry
    from 0, < 2.2.1