VYPR

Go modules package

github.com/sigstore/cosign/v3

pkg:golang/github.com/sigstore/cosign/v3

Vulnerabilities (1)

  • CVE-2026-22703Jan 10, 2026
    affected < 3.0.4fixed 3.0.4

    Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When v