VYPR

Go modules package

github.com/sigstore/fulcio

pkg:golang/github.com/sigstore/fulcio

Vulnerabilities (2)

  • CVE-2026-22772 (Jan 12, 2026)
    affected < 1.8.5, fixed 1.8.5

    Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal servic

  • CVE-2025-66506 (Dec 4, 2025)
    affected < 1.8.3, fixed 1.8.3

    Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in th