Browse all 7 CVE security advisories affecting notaryproject. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-51491 | Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go — notation-goCWE-703 | 3.3 | Low | 2025-01-13 |
| CVE-2024-56138 | Timestamp signature generation lacks certificate revocation check in notion-go — notation-goCWE-299 | 4.0 | Medium | 2025-01-13 |
| CVE-2024-23332 | Client configured with permissive trust policies susceptible to rollback attack in Notary Project — specificationsCWE-672 | 4.0 | Medium | 2024-01-19 |
| CVE-2023-33959 | Verification bypass can cause users into verifying the wrong artifact — notation-goCWE-347 | 8.4 | High | 2023-06-06 |
| CVE-2023-33958 | Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation — notationCWE-400 | 5.4 | Medium | 2023-06-06 |
| CVE-2023-33957 | Denial of service from high number of artifact signatures in notation — notationCWE-400 | 2.6 | Low | 2023-06-06 |
| CVE-2023-25656 | notation-go has excessive memory allocation on verification — notation-goCWE-770 | 7.5 | High | 2023-02-20 |
This page lists every published CVE security advisory associated with notaryproject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.