Vulnerabilities > Sigstore > Cosign > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-04-10 CVE-2024-29902 Allocation of Resources Without Limits or Throttling vulnerability in Sigstore Cosign
Cosign provides code signing and transparency for containers and binaries.
network
high complexity
sigstore CWE-770
5.9
5.9
2023-11-07 CVE-2023-46737 Infinite Loop vulnerability in Sigstore Cosign
Cosign is a sigstore signing tool for OCI containers.
network
low complexity
sigstore CWE-835
5.3
5.3
2022-09-14 CVE-2022-36056 Unspecified vulnerability in Sigstore Cosign
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure.
local
low complexity
sigstore
5.5
5.5