github.com/sigstore/rekor

Go2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/sigstore/rekorpage 1 of 1

CVE-2023-30551HIGHCVSS 7.5EG 7.5✓ Fixed in 1.1.1
2023-05-08
Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verificat…
CVE-2023-33199MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.2.0
2023-05-26
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process.…

Check whether github.com/sigstore/rekor is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/sigstore/rekor CVEs against the assets you own.

Start Free Scan →