cosign (SUSE:Linux Enterprise Module for Basesystem 15 SP7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP7 package cosign, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2025-46569: Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP…
CVE-2026-23992 — CVSS 5.9 (medium): go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or…
CVE-2026-23991 — CVSS 5.9 (medium): go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository…
CVE-2026-24137 — CVSS 5.8 (medium): sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client…
CVE-2026-22772 — CVSS 5.8 (medium): Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's…
CVE-2026-22703 — CVSS 5.5 (medium): Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted…
CVE-2025-11065 — CVSS 5.3 (medium): A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This…
CVE-2025-58181 — CVSS 5.3 (medium): SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker…
CVE-2026-39395 — CVSS 4.3 (medium): Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may…
CVE-2026-24122 — CVSS 3.7 (low): Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a…
CVE-2026-26958: filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In…