16 Total advisories
16 Vulnerabilities
0 Malware
Vulnerabilities
MEDIUM 4.3
CVE-2026-39395
Cosign's verify-blob-attestation reports false positive when payload parsing fails
UNKNOWN
CVE-2026-24122
Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
LOW 3.7
CVE-2026-24122
Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped
LOW 3.1
CVE-2023-46737
Cosign vulnerable to possible endless data attack from attacker-controlled registry
UNKNOWN
CVE-2023-46737
Denial of service attack from remote registry in github.com/sigstore/cosign
MEDIUM 4.2
CVE-2024-29902
Cosign malicious attachments can cause system-wide denial of service
UNKNOWN
CVE-2024-29902
Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
UNKNOWN
CVE-2026-22703
Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
MEDIUM 4.2
CVE-2024-29903
Cosign malicious artifacts can cause machine-wide DoS
UNKNOWN
CVE-2024-29903
Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
MEDIUM 5.5
CVE-2022-36056
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
UNKNOWN
CVE-2022-36056
Improper blob verification in github.com/sigstore/cosign
UNKNOWN
CVE-2022-35929
Improper verification of signature attestations in github.com/sigstore/cosign
UNKNOWN
CVE-2022-23649
Improper certificate validation in github.com/sigstore/cosign
HIGH 7.1
CVE-2022-35929
cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists
LOW 3.3
CVE-2022-23649
Improper Certificate Validation in Cosign