Lucene search
K

437 matches found

Chainguard
Chainguard
added 3 days ago6 views

GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities

Vulnerabilities for packages: cloudbeat-fips, policy-controller-fips, cloudbeat, trivy-fips, tkn, crossplane, trivy-operator-fips, image-factory, kyverno-fips, policy-controller, tbot, tflint, tekton-chains, kubescape-server, trivy, falcoctl, aactl, kubescape, trivy-operator, spire-server-fips,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 3 days ago7 views

GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities

Vulnerabilities for packages: trivy-operator, tkn, gitsign, tflint, teleport, falcoctl, kyverno, policy-controller, kubescape, aactl, tekton-chains, zarf, neuvector-sigstore-interface, trivy, kyverno-notation-aws, crossplane...

6.1AI score
Exploits0
Wolfi
Wolfi
added 3 days ago9 views

CVE-2026-49834 vulnerabilities

Vulnerabilities for packages: trivy-operator, tkn, gitsign, tflint, teleport, falcoctl, kyverno, policy-controller, kubescape, aactl, tekton-chains, zarf, neuvector-sigstore-interface, trivy, kyverno-notation-aws, crossplane...

6.1AI score
Exploits0
Circl
Circl
added 2026/07/01 8:35 p.m.6 views

CVE-2026-48816

creationtimestamp| type| source ---|---|--- 2026-07-01 20:35:05+00:00| published-proof-of-concept| https://github.com/sigstore/sigstore-js/security/advisories/GHSA-xgjw-pm74-86q4...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/07/01 8:35 p.m.6 views

CVE-2026-48815

creationtimestamp| type| source ---|---|--- 2026-07-01 20:35:03+00:00| published-proof-of-concept| https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxr...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/07/01 7:57 p.m.3 views

GHSA-XGJW-PM74-86Q4 sigstore-js has Insufficient Verification of Data Authenticity

sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only no signed inclusionPromise/set, and the inclusion proof path does not...

6.5CVSS5.8AI score
Exploits0References2
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.5 views

CVE-2026-48702 vulnerabilities

Vulnerabilities for packages: cloudbeat-fips, policy-controller-fips, ratify, ko-fips, cloudbeat, tkn, crossplane, trivy-operator-fips, spire-server, kyverno-fips, slsa-verifier, policy-controller, tbot, tflint, tekton-chains, kubescape-server, falcoctl, aactl, kubescape, trivy-operator,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.5 views

GHSA-47Q9-M4WW-924M vulnerabilities

Vulnerabilities for packages: cloudbeat-fips, policy-controller-fips, ratify, ko-fips, cloudbeat, tkn, crossplane, trivy-operator-fips, spire-server, kyverno-fips, slsa-verifier, policy-controller, tbot, tflint, tekton-chains, kubescape-server, falcoctl, aactl, kubescape, trivy-operator,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-47Q9-M4WW-924M vulnerabilities

Vulnerabilities for packages: tkn, tflint, policy-controller, neuvector-sigstore-interface, goreleaser, falcoctl, kyverno, slsa-verifier, kubescape, aactl, trivy-operator, kyverno-notation-aws, spire-server, ratify, teleport, tekton-chains, zarf, crossplane, gitsign, ko...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.7 views

CVE-2026-48702 vulnerabilities

Vulnerabilities for packages: tkn, tflint, policy-controller, neuvector-sigstore-interface, goreleaser, falcoctl, kyverno, slsa-verifier, kubescape, aactl, trivy-operator, kyverno-notation-aws, spire-server, ratify, teleport, tekton-chains, zarf, crossplane, gitsign, ko...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/26 7:11 p.m.3 views

GHSA-JFC7-64V2-MR8C @sigstore/core has DSSE payloadType type-binding failure

Impact The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE Pre-Authentication Encoding string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5763 Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority...

5.5CVSS7.1AI score0.00099EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 8:46 a.m.2 views

SUSE-SU-2026:2609-1 Security update for apptainer

This update for apptainer fixes the following issues - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal bsc1264177. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of...

10CVSS6.8AI score0.01557EPSS
Exploits1References27
OSV
OSV
added 2026/06/01 12:0 a.m.16 views

MAL-2026-5141 Malicious code in @redhat-cloud-services/host-inventory-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.13 views

Malicious code in @redhat-cloud-services/compliance-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.16 views

Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/01 12:0 a.m.14 views

MAL-2026-5144 Malicious code in @redhat-cloud-services/notifications-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

MAL-2026-5142 Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.8 views

MAL-2026-5146 Malicious code in @redhat-cloud-services/remediations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.14 views

MAL-2026-5134 Malicious code in @redhat-cloud-services/config-manager-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
Rows per page
Query Builder