VYPR

Go modules package

github.com/sigstore/timestamp-authority/v2

pkg:golang/github.com/sigstore/timestamp-authority/v2

Vulnerabilities (1)

  • CVE-2026-39984MedApr 15, 2026
    affected < 2.0.6fixed 2.0.6

    Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-speci