pkg:Go/github.com/sigstore/cosign/v2
9 total CVEsMEDIUM6LOW3
✅ Check your installed version
All known vulnerabilities
MEDIUM5.5CVE-2026-22703Cosign verification accepts any valid Rekor entry under certain conditions from 0, < 2.6.2
MEDIUM5.5CVE-2026-22703Cosign verification accepts any valid Rekor entry under certain conditions from 0, < 2.6.2
MEDIUM4.2CVE-2024-29903Cosign vulnerable to machine-wide denial of service via malicious artifacts from 0, < 2.2.4
MEDIUM4.2Cosign vulnerable to machine-wide denial of service via malicious artifacts
from 0, < 2.2.4
MEDIUM4.2Cosign vulnerable to system-wide denial of service via malicious attachments
from 0, < 2.2.4
MEDIUM4.2Cosign vulnerable to system-wide denial of service via malicious attachments
from 0, < 2.2.4
LOW3.7Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked
from 0
LOW3.1Possible endless data attack from attacker-controlled registry in cosign
from 0, < 2.2.1
LOW3.1Possible endless data attack from attacker-controlled registry in cosign
from 0, < 2.2.1