Sigstore Sigstore-js
4 CVEs affecting Sigstore Sigstore-js. Latest disclosed: 2026-07-14. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-59891 | Critical | 9.6 | 2026-07-14 | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials() reads credentials from the Docker co… |
CVE-2026-48815 | High | 7.5 | 2026-07-14 | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is… |
CVE-2026-48816 | Medium | 6.5 | 2026-07-14 | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tl… |
CVE-2026-48758 | Medium | 5.4 | 2026-07-14 | sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js a… |