Theupdateframework Go-tuf — known CVE vulnerabilities
Every CVE whose affected-product data names Theupdateframework Go-tuf, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-29173 — CVSS 8.0 (high): go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the…
CVE-2026-23991 — CVSS 5.9 (medium): go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository…
CVE-2026-23992 — CVSS 5.9 (medium): go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or…
CVE-2026-24686 — CVSS 4.7 (medium): go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string…