Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

sigstore

7 Products 15 CVEs

CVE Severity Distribution (All Time)

Critical
0
High
3
Medium
6
Low
3

Timeline Overview

Last 30 Days 0 CVEs
Last 6 Months 0 CVEs
Last Year 5 CVEs

Products

View all

cosign

7 Versions 6 CVEs

gitsign

3 Versions 2 CVEs

sigstore-java

4 Versions 2 CVEs

rekor

2 Versions 2 CVEs

policy-controller

1 Version 1 CVE

Recent CVEs

View all
CVE-2024-55655 UNKNOWN 7 months ago

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 pe…

CVE-2024-54140 UNKNOWN 7 months ago

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation whe…

CVE-2024-53267 MEDIUM 7 months, 2 weeks ago

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation whe…

CVE-2024-51746 UNKNOWN 8 months ago

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use dur…

CVE-2024-45395 LOW 10 months, 1 week ago

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verif…