Sigstore Sigstore-js

4 CVEs affecting Sigstore Sigstore-js. Latest disclosed: 2026-07-14. Critical: 1, High: 1.

Top CVEs affecting Sigstore Sigstore-js
CVESeverityScorePublishedSummary
CVE-2026-59891Critical9.62026-07-14sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials() reads credentials from the Docker co…
CVE-2026-48815High7.52026-07-14sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is…
CVE-2026-48816Medium6.52026-07-14sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tl…
CVE-2026-48758Medium5.42026-07-14sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js a…