Browse all 7 CVE security advisories affecting theupdateframework. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24686 | go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names — go-tuf, CWE-22 | 4.7 | Medium | 2026-01-27 |
| CVE-2026-23992 | go-tuf improperly validates the configured threshold for delegations — go-tuf, CWE-347 | 5.9 | Medium | 2026-01-22 |
| CVE-2026-23991 | go-tuf affected by client DoS via malformed server response — go-tuf, CWE-617 | 5.9 | Medium | 2026-01-22 |
| CVE-2024-47534 | Incorrect delegation lookups can make go-tuf download the wrong artifact — go-tuf, CWE-362 | - | - | 2024-10-01 |
| CVE-2022-29173 | No protection against rollback attacks in go-tuf — go-tuf, CWE-354 | 8.0 | High | 2022-05-05 |
| CVE-2021-41131 | Client metadata path-traversal in python-tuf — python-tuf, CWE-22 | 7.5 | High | 2021-10-19 |
| CVE-2020-15163 | Invalid root may become trusted root in The Update Framework (TUF) — tuf, CWE-863 | 8.7 | High | 2020-09-09 |

This page lists every published CVE security advisory associated with theupdateframework. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.