VYPR

PyPI package

sigstore

pkg:pypi/sigstore

Vulnerabilities (2)

  • CVE-2026-24408 (published Jan 26, 2026)
    affected: < 4.2.0; fixed: 4.2.0

    sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` creates a unique "state" and sends it as a parameter in the authe

  • CVE-2024-55655 (severity: Low; published Dec 10, 2024)
    affected: >= 2.0.0, < 3.6.0; fixed: 3.6.0

    sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integra