CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

83 matches found

CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.4AI score0.00013EPSS

Exploits0References1

RedhatCVE•added yesterday•4 views

CVE-2026-44310

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS5.5AI score0.00028EPSS

Exploits0References1

Wolfi•added 2026/05/29 7:48 p.m.•13 views

CVE-2026-42508 vulnerabilities

Vulnerabilities for packages: argo-cd, argocd-image-updater, istio, mattermost, terragrunt, argo-events, k3s, containerd, gitsign, loki, guac, telegraf...

9.1CVSS5.4AI score0.00038EPSS

Exploits0

Chainguard•added 2026/05/29 7:38 p.m.•9 views

CVE-2026-42508 vulnerabilities

Vulnerabilities for packages: mattermost, argocd-image-updater, mattermost-fips, traefik-fips, gitlab-rails-ce-fips, zitadel, k3s, telegraf, gitlab-rails-ce, traefik, istio, knative-kafka-broker, containerd, gitsign, guac, argo-events-fips, argo-cd-fips, flux, kyverno-fips, terragrunt, kubernetes...

9.1CVSS5.4AI score0.00038EPSS

Exploits0

SUSE CVE•added 2026/05/18 1:21 p.m.•5 views

SUSE CVE-2026-44309

5.3CVSS5.8AI score0.00013EPSS

Exploits0References3

SUSE CVE•added 2026/05/18 1:21 p.m.•8 views

SUSE CVE-2026-44310

5.4CVSS5.9AI score0.00028EPSS

Exploits0References3

Tenable Nessus•added 2026/05/16 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-enco...

5.3CVSS5.8AI score0.00013EPSS

Exploits0References3

Tenable Nessus•added 2026/05/16 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in...

5.4CVSS5.9AI score0.00028EPSS

Exploits0References3

Snyk•added 2026/05/15 5:30 p.m.•5 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the CertVerifier.Verify function. An attacker can cause the process to panic and exit with a success code by providing a CMS/PKCS7 signed message containing an empty certificate set, which lead...

5.4CVSS5.8AI score0.00028EPSS

Exploits0References2

Snyk•added 2026/05/15 5:29 p.m.•5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verify process. An attacker can cause trust confusion by submitting a commit object with duplicate tree headers, resulting in different interpretations between git-core and go-git,...

6CVSS5.8AI score0.00013EPSS

Exploits0References2

Snyk•added 2026/05/15 5:29 p.m.•4 views

Improper Verification of Cryptographic Signature

6CVSS5.8AI score0.00013EPSS

Exploits0References2