VYPR

Sigstore Python

by Sigstore

CVEs (2)

  • CVE-2024-55655 | Low | Dec 10, 2024
    risk 0.11 | cvss | epss 0.00

    sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the…

  • CVE-2026-24408 | Jan 26, 2026
    risk 0.00 | cvss | epss 0.00

    sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` creates a unique "state" and sends it as a parameter in the…