github.com/notaryproject/notation (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/notaryproject/notation, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2023-33958 — CVSS 5.4 (medium): notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high…
CVE-2024-23332 — CVSS 4.0 (medium): The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains…
CVE-2023-33957 — CVSS 2.6 (low): notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high…