pkg:Go/github.com/sigstore/gitsign
6 total CVEs (MEDIUM: 4)
All known vulnerabilities
- MEDIUM 5.4 | CVE-2026-44310 | gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers | >= 0.4.0, < 0.15.0
- MEDIUM 5.3 | CVE-2026-44309 | gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits | from 0, < 0.16.0
- MEDIUM 4.2 | CVE-2023-47122 | Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign | >= 0.6.0, < 0.8.0
- MEDIUM 4.2 | CVE-2023-47122 | Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign | >= 0.6.0, < 0.8.0
- — | CVE-2024-51746 | gitsign may use incorrect Rekor entries during verification in github.com/sigstore/gitsign | from 0, < 0.11.0
- — | CVE-2024-51746 | gitsign may use incorrect Rekor entries during verification in github.com/sigstore/gitsign | from 0, < 0.11.0