Notaryproject Notation-go — known CVE vulnerabilities
Every CVE whose affected-product data names Notaryproject Notation-go, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-33959 — CVSS 8.3 (high): notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to…
CVE-2023-25656 — CVSS 7.5 (high): notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version…
CVE-2023-33958 — CVSS 5.4 (medium): notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high…
CVE-2024-23332 — CVSS 4.0 (medium): The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains…
CVE-2024-51491 — CVSS 3.3 (low): notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was…
CVE-2023-33957 — CVSS 2.6 (low): notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high…