VYPR

RubyGems package

sigstore

pkg:gem/sigstore

Vulnerabilities (1)

  • CVE-2026-31830Mar 10, 2026
    affected < 0.2.3fixed 0.2.3

    sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifier#verify does not propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest in the i