Go to main page
Versions in this module
v2
Jan 9, 2026 GO-2026-4529
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Sep 26, 2025 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Sep 12, 2025 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Jul 17, 2025 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Jun 17, 2025 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Jun 16, 2025 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Apr 7, 2025 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Feb 19, 2025 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Feb 4, 2025 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Oct 3, 2024 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Aug 6, 2024 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Jul 22, 2024 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Apr 10, 2024 GO-2026-4309 +1 more
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Jan 31, 2024 GO-2024-2718 +3 more
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Dec 5, 2023 GO-2024-2718 +3 more
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Nov 7, 2023 GO-2024-2718 +3 more
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Aug 31, 2023 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Jun 27, 2023 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Jun 23, 2023 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Apr 24, 2023 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Apr 6, 2023 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Feb 23, 2023 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Changes in this version
Feb 16, 2023 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Feb 10, 2023 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Jan 26, 2023 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign
Dec 14, 2022 GO-2023-2181 +4 more
GO-2023-2181: Denial of service attack from remote registry in github.com/sigstore/cosign
GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign
GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign
GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign
GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign