VYPR
Vendor

Notaryproject

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2023-33959HigJun 6, 2023
    risk 0.47cvss 8.3epss 0.00

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to…

  • CVE-2023-25656HigFeb 20, 2023
    risk 0.42cvss 7.5epss 0.00

    notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus…

  • CVE-2023-33958MedJun 6, 2023
    risk 0.28cvss 5.4epss 0.00

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the…

  • CVE-2024-56138MedJan 13, 2025
    risk 0.19cvss 4.0epss 0.00

    notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the…

  • CVE-2024-23332MedJan 19, 2024
    risk 0.19cvss 4.0epss 0.00

    The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide…

  • CVE-2023-33957LowJun 6, 2023
    risk 0.10cvss 2.6epss 0.01

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the…

  • CVE-2024-51491Jan 13, 2025
    risk 0.00cvss epss 0.00

    notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the…