github.com/notaryproject/notation
Go
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/notaryproject/notation (page 1 of 1)
- CVE-2023-33957 | LOW | CVSS 2.6 | EG 2.6 | ✓ Fixed in 1.0.0-rc.6 | 2023-06-06
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user…
- CVE-2023-33958 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.0.0-rc.6 | 2023-06-06
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user…
- CVE-2024-23332 | MEDIUM | CVSS 4.0 | EG 4.0 | 2024-01-19
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a comp…