6 matches found

RubySec
added 2026/03/11 12:00 a.m., 12 views

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary: Sigstore::Verifier#verify does not propagate the VerificationFailure returned by verify_intoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

CVSS 7.5, AI score 6, EPSS 0.00217
Exploits: 0, References: 1, Affected software: 1
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-4090

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.4, EPSS 0.00375
Exploits: 0, References: 4
RedhatCVE
added 2025/02/14 6:52 p.m., 10 views

CVE-2025-25204

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

CVSS 6.3, AI score 6.3, EPSS 0.00375
Exploits: 0, References: 6
OSV
added 2025/02/14 5:19 p.m., 11 views

GHSA-FGW4-V983-MGP8 `gh attestation verify` returns incorrect exit code during verification if no attestations are present

Summary: A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...

CVSS 6.3, AI score 6.4, EPSS 0.00375
Exploits: 0, References: 5
Github Security Blog
added 2025/02/14 5:19 p.m., 18 views

`gh attestation verify` returns incorrect exit code during verification if no attestations are present

Summary: A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...

CVSS 6.3, AI score 7, EPSS 0.00375
Exploits: 0, References: 5, Affected software: 1
Debian CVE
added 2025/02/14 4:38 p.m., 8 views

CVE-2025-25204

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

CVSS 6.3, AI score 7.1, EPSS 0.00375
Exploits: 0