| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-46737 | Possible endless data attack from attacker-controlled registry in cosign | sigstore | cosign | Low | 3.1 | 2023-11-07 17:30:26 | Deep Dive |
| CVE-2023-33199 | malformed proposed intoto v0.0.2 entries can cause a panic in Rekor | sigstore | rekor | Medium | 5.3 | 2023-05-26 22:52:16 | Deep Dive |
| CVE-2023-30551 | Rekor's compressed archives can result in OOM conditions | sigstore | rekor | High | 7.5 | 2023-05-08 15:52:42 | Deep Dive |
| CVE-2022-36056 | Vulnerabilities with blob verification in sigstore cosign | sigstore | cosign | Medium | 5.5 | 2022-09-14 19:50:09 | Deep Dive |
| CVE-2022-35930 | Ability to bypass attestation verification in sigstore PolicyController | sigstore | policy-controller | High | 7.1 | 2022-08-04 21:15:15 | Deep Dive |
| CVE-2022-35929 | False positive signature verification in cosign | sigstore | cosign | High | 7.1 | 2022-08-04 18:45:14 | Deep Dive |
| CVE-2022-23649 | Improper Certificate Validation in Cosign | sigstore | cosign | Low | 3.3 | 2022-02-18 21:30:10 | Deep Dive |