Sigstore Timestamp-authority
2 CVEs affecting Sigstore Timestamp-authority. Latest disclosed: 2026-04-14. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-66564 | High | 7.5 | 2025-12-04 | Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to string… |
CVE-2026-39984 | Medium | 5.5 | 2026-04-14 | Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the Verify… |