Vulnerabilities > Sigstore
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-10 | CVE-2023-47122 | Improper Verification of Cryptographic Signature vulnerability in Sigstore Gitsign 0.6.0/0.7.0/0.7.1 Gitsign is software for keyless Git signing using Sigstore. | 5.3 |
2023-11-07 | CVE-2023-46737 | Infinite Loop vulnerability in Sigstore Cosign Cosign is a sigstore signing tool for OCI containers. | 5.3 |
2022-02-18 | CVE-2022-23649 | Improper Certificate Validation vulnerability in Sigstore Cosign Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. | 2.1 |