Lucene search
K

219 matches found

OSV
OSV
added last week5 views

GO-2026-5778 Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor

Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/23 3:38 p.m.4 views

SUSE-SU-2026:2595-1 Security update for rekor

This update for rekor rebuilds it against the current go security release...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.14 views

Malicious code in @redhat-cloud-services/compliance-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.27 views

MAL-2026-5143 Malicious code in @redhat-cloud-services/javascript-clients-shared (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/05/22 5:54 a.m.8 views

Security update for rekor

This update for rekor rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/22 5:54 a.m.4 views

SUSE-SU-2026:2043-1 Security update for rekor

This update for rekor rebuilds it against the current go security release...

5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.22 views

SUSE CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 5:16 p.m.14 views

CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS0.00119EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/15 5:16 p.m.10 views

CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 4:22 p.m.15 views

EUVD-2026-30563

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:22 p.m.18 views

CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Gitsign 信任管理问题漏洞

Gitsign is a tool developed by Gitsign’s developers that allows for signing Git commits without the need for a key. Versions of Gitsign prior to 0.16.0 contained a trust management vulnerability. This vulnerability stemmed from the fact that gitsign verify and gitsign verify-tag re-encoded the...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/14 9:41 p.m.96 views

OrchidMantis

Orchid Mantis A Framework for ZKPoX — Zero-Knowledge Proof...

7.5CVSS6.9AI score0.03185EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/05/08 10:38 p.m.12 views

gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

Summary gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees:...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/08 10:38 p.m.20 views

GHSA-7RMH-48MX-2VWC gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

Summary gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees:...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References3
OSV
OSV
added 2026/04/30 4:39 p.m.5 views

OPENSUSE-SU-2026:20662-1 Security update for hauler

This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.2 bsc1258614, CVE-2026-24122: Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 in the gomodules group across 1 directory fix for new helm chart features Bump github.com/sigstore/rekor from 1.4.3 ...

3.7CVSS5.8AI score0.00197EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.10 views

SUSE SLED15 / SLES15 Security Update : rekor (SUSE-SU-2026:1488-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1488-1 advisory. This update for rekor rebuilds it against the current go 1.25 security release. Tenable has extracted the preceding...

5.8AI score
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/04/20 3:54 p.m.6 views

Security update for rekor

This update for rekor rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/20 3:54 p.m.10 views

SUSE-SU-2026:1488-1 Security update for rekor

This update for rekor rebuilds it against the current go 1.25 security release...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/06 2:44 a.m.3 views

CLEANSTART-2026-YN35176 Security fixes for CVE-2026-34986 applied in versions: 1.5.1-r0

Security vulnerability affects the rekor-fips package. This issue is resolved in later releases. See references for vulnerability details...

7.5CVSS5.8AI score0.00651EPSS
Exploits0References3
Rows per page
Query Builder