Known Vulnerabilities for Cosign by Sigstore
Listed below are 4 of the newest known vulnerabilities associated with "Cosign" by "Sigstore".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39395 | Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attes... | Not Provided | 2026-04-07 | 2026-04-08 |
| CVE-2023-46737 | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled ... | 5.3 - MEDIUM | 2023-11-07 | 2023-11-14 |
| CVE-2022-36056 | Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior... | 5.5 - MEDIUM | 2022-09-14 | 2022-09-19 |
| CVE-2022-35929 | cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any... | 9.8 - CRITICAL | 2022-08-04 | 2022-08-10 |
| CVE-2022-23649 | Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.... | 3.3 - LOW | 2022-02-18 | 2022-03-07 |