Direct Vulnerabilities

Known vulnerabilities in the cosign package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
CVE-2026-46598

<3.1.1-150400.3.45.1
  • H
Incorrect Type Conversion or Cast

<3.1.1-150400.3.45.1
  • H
Improper Certificate Validation

<3.1.1-150400.3.45.1
  • H
Improper Certificate Validation

<3.1.1-150400.3.45.1
  • H
Improper Certificate Validation

<3.1.1-150400.3.45.1
  • H
Improper Restriction of Rendered UI Layers or Frames

<3.1.1-150400.3.45.1
  • H
Improper Enforcement of Message Integrity During Transmission in a Communication Channel

<3.1.1-150400.3.45.1
  • H
Improper Restriction of Rendered UI Layers or Frames

<3.1.1-150400.3.45.1
  • H
Integer Overflow or Wraparound

<3.1.1-150400.3.45.1
  • H
Deserialization of Untrusted Data

<3.1.1-150400.3.45.1
  • H
Missing Authorization

<3.1.1-150400.3.45.1
  • H
Out-of-Bounds

<3.1.1-150400.3.45.1
  • H
CVE-2026-33815

<3.1.1-150400.3.45.1
  • H
CVE-2026-46595

<3.1.1-150400.3.45.1
  • H
Missing Authorization

<3.1.1-150400.3.45.1
  • H
Improper Verification of Cryptographic Signature

<3.1.1-150400.3.45.1
  • H
Cross-site Scripting (XSS)

<3.1.1-150400.3.45.1
  • H
Improper Restriction of Rendered UI Layers or Frames

<3.1.1-150400.3.45.1
  • H
Resource Exhaustion

<3.1.1-150400.3.45.1
  • M
Improper Check for Unusual or Exceptional Conditions

<3.0.6-150400.3.42.1
  • L
SUSE-SU-2026:1486-1

<3.0.5-150400.3.39.1
  • L
SUSE-SU-2026:1098-1

<3.0.5-150400.3.37.1
  • M
Directory Traversal

<3.0.5-150400.3.35.1
  • M
Improper Verification of Cryptographic Signature

<3.0.5-150400.3.35.1
  • M
Insufficient Verification of Data Authenticity

<3.0.5-150400.3.35.1
  • M
Improper Initialization

<3.0.5-150400.3.35.1
  • M
CVE-2025-58181

<3.0.5-150400.3.35.1
  • M
Information Exposure

<3.0.5-150400.3.35.1
  • M
Improper Certificate Validation

<3.0.5-150400.3.35.1
  • M
Reachable Assertion

<3.0.5-150400.3.35.1
  • M
Server-Side Request Forgery (SSRF)

<3.0.5-150400.3.35.1
  • H
Arbitrary Code Injection

<2.5.3-150400.3.30.1