Linux Distros Unpatched Vulnerability : CVE-2026-39395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a...
cosign code issue vulnerability
Cosign is a container signature, verification, and storage mechanism for OCI registries, part of Sigstore, an open-source project in the United States. Versions of Cosign prior to 3.0.6 and 2.6.3 contained code vulnerabilities. These vulnerabilities stemmed from logical flaws related to incorrectly...
EUVD-2026-11198
Open Forms allows users to create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...
Linux Distros Unpatched Vulnerability : CVE-2026-24122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires befo...
EUVD-2026-1868
Cosign verification accepts any valid Rekor entry under certain conditions...
Cosign verification accepts any valid Rekor entry under certain conditions
Impact: A Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's...
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the VerifyBundle function in the verify.go file. An attacker can bypass artifact integrity checks by crafting a bundle that includes any arbitrary Rekor entry, allowing successful...
CVE-2026-22703
Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, a Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...
Linux Distros Unpatched Vulnerability : CVE-2026-22703
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, a Cosign bundle can be crafted to successfully verif...
cosign data forgery vulnerability
Cosign is a container signing, verification, and storage tool for OCI registries, developed in the United States. A data forgery vulnerability exists in Cosign versions prior to 2.6.2 and prior to 3.0.4, which stems from a specially crafted Cosign bundle being able to validate successfully even if the...
CVE-2022-23649
Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and...
PT-2026-2253
Name of the Vulnerable Software and Affected Versions: Cosign versions prior to 2.6.2 and 3.0.4. Description: Cosign is a tool providing code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, a crafted Cosign bundle could successfully verify an artifact even if...
EUVD-2007-2228
Malware in sbrugna...
EUVD-2023-3044
Malicious code in bioql PyPI...
EUVD-2024-1167
Malicious code in bioql PyPI...
EUVD-2022-0958
Malicious code in bioql PyPI...
CVE-2024-29903 Cosign vulnerable to machine-wide denial of service via malicious artifacts
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...
CVE-2024-29903
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...
PT-2023-36204 · Cosign
Name of the Vulnerable Software and Affected Versions: cosign affected versions not specified Description: The issue is related to a security release in the go 1.20 package. The cosign package has been rebuilt with this security release to address the issue. No information is provided about the...
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2022:3486-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3486-1 advisory. - Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versio...