Known Vulnerabilities for Sigstore-js by Sigstore
Listed below are 8 of the newest known vulnerabilities associated with "Sigstore-js" by "Sigstore".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-59891 json | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials() re... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-48816 json | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a ... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-48815 json | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateO... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-48758 json | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding functio... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-48501 json | GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization head... | Not Provided | 2026-05-29 | 2026-05-29 |
| CVE-2026-44310 json | Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0... | Not Provided | 2026-05-15 | 2026-05-15 |
| CVE-2026-44309 json | Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign ve... | Not Provided | 2026-05-15 | 2026-05-15 |
| CVE-2026-39984 json | Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization ... | Not Provided | 2026-04-15 | 2026-04-16 |