github.com/google/go-attestation
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/google/go-attestationpage 1 of 1
- CVE-2022-0317MEDIUMCVSS 4.0EG 4.0✓ Fixed in 0.4.02022-02-04
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same …
- CVE-2026-12681HIGHCVSS 8.9EG 8.92026-06-24
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this al…
Check whether github.com/google/go-attestation is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/google/go-attestation CVEs against the assets you own.
Start Free Scan →