cosign vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the cosign package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable Version |
|---|---|---|
| L | GHSA-p77j-4mvh-x3m3 | <3.0.5-r3 |
| L | Improper Authorization | <3.0.5-r3 |
| L | GHSA-p436-gjf2-799p | <3.0.5-r2 |
| H | CVE-2025-15558 | <3.0.5-r2 |
| L | GHSA-9h8m-3fm2-qjrq | <3.0.5-r1 |
| M | Server-Side Request Forgery (SSRF) | <3.0.4-r1 |
| L | GHSA-59jp-pj84-45mr | <3.0.4-r1 |
| L | Asymmetric Resource Consumption (Amplification) | <3.0.3-r0 |
| L | CVE-2025-61731 | <3.0.5-r1 |
| L | GHSA-j5pm-7495-qmr3 | <2.5.3-r1 |
| L | GHSA-f83f-xpx7-ffpw | <3.0.3-r0 |
| L | Race Condition | <2.5.3-r1 |
| L | GHSA-4qg8-fj49-pxjh | <3.0.3-r0 |
| L | GHSA-mh63-6h87-95cp | <2.4.3-r6 |
| L | CVE-2025-22869 | <2.4.3-r4 |
| L | GHSA-qxp5-gwg8-xv66 | <2.4.3-r5 |
| L | CVE-2024-45337 | <2.4.1-r2 |
| L | GHSA-29wx-vh33-7x7r | <2.4.1-r1 |
| L | GHSA-6v2p-p543-phr9 | <2.4.3-r3 |
| L | Directory Traversal | <3.0.4-r2 |
| L | Untrusted Search Path | <3.0.5-r1 |
| L | Server-Side Request Forgery (SSRF) | <3.0.4-r2 |
| L | GHSA-4f8r-qqr9-fq8j | <3.0.2-r1 |
| L | GHSA-4c4x-jm2x-pf9j | <3.0.4-r2 |
| L | GHSA-f6x5-jh6r-wrfv | <3.0.2-r2 |
| L | CVE-2025-58181 | <3.0.2-r2 |
| L | GHSA-jqc5-w2xx-5vq4 | <3.0.4-r2 |
| L | GHSA-xvqr-69v8-f3gv | <3.0.5-r1 |
| L | GHSA-8xfx-rj4p-23jm | <2.4.0-r3 |
| H | Reachable Assertion | <3.0.4-r2 |
| L | Race Condition | <3.0.2-r1 |
| H | Improper Verification of Cryptographic Signature | <3.0.4-r2 |
| L | Improper Validation of Specified Type of Input | <2.5.0-r2 |
| L | GHSA-fphv-w9fq-2525 | <3.0.4-r2 |
| L | CVE-2024-45336 | <2.4.1-r5 |
| L | CVE-2024-45338 | <2.4.1-r4 |
| L | GHSA-crqm-pwhx-j97f | <2.4.0-r3 |
| L | GHSA-j7vj-rw65-4v26 | <2.4.0-r3 |
| L | GHSA-fv92-fjc5-jj9h | <2.5.2-r1 |
| L | Asymmetric Resource Consumption (Amplification) | <2.4.3-r6 |
| L | GHSA-v778-237x-gjrc | <2.4.1-r2 |
| L | GHSA-273p-m2cw-6833 | <3.0.4-r2 |
| L | Improper Handling of Exceptional Conditions | <2.4.1-r1 |
| L | GHSA-cm6p-qc7v-m3jw | <3.0.4-r2 |
| L | GHSA-6m8w-jc87-6cr7 | <2.5.0-r1 |
| L | GHSA-gr56-3gp6-6gmj | <3.0.4-r2 |
| L | GHSA-c77r-fh37-x2px | <2.4.0-r4 |
| L | GHSA-frhw-mqj2-wxw2 | <3.0.2-r1 |
| L | Algorithmic Complexity | <3.0.2-r1 |
| L | Allocation of Resources Without Limits or Throttling | <3.0.4-r2 |
| L | GHSA-3whm-j4xm-rv8x | <2.4.2-r0 |
| L | Asymmetric Resource Consumption (Amplification) | <3.0.3-r0 |
| L | GHSA-j5w8-q4qc-rx2x | <3.0.2-r2 |
| L | Out-of-bounds Write | <3.0.4-r2 |
| L | GHSA-g9q4-qjx4-2v7q | <3.0.4-r2 |
| L | CVE-2024-34155 | <2.4.0-r3 |
| L | GHSA-c6gw-w398-hv78 | <2.4.3-r1 |
| L | Allocation of Resources Without Limits or Throttling | <2.4.3-r1 |
| L | GHSA-846p-jg2w-w324 | <3.0.4-r2 |
| L | CVE-2025-22868 | <2.4.3-r3 |
| L | GHSA-3f6r-qh9c-x6mm | <2.4.1-r5 |
| L | Arbitrary Code Injection | <2.5.0-r1 |
| L | GHSA-2x5j-vhc8-9cwm | <2.5.0-r2 |
| L | CVE-2025-47914 | <3.0.2-r2 |
| L | CVE-2025-22866 | <2.4.2-r0 |
| L | GHSA-w32m-9786-jp63 | <2.4.1-r4 |
| L | GHSA-fcv2-xgw5-pqxf | <3.0.4-r2 |
| L | CVE-2024-34158 | <2.4.0-r3 |
| L | NULL Pointer Dereference | <3.0.4-r2 |
| M | Directory Traversal | <3.0.4-r2 |
| L | CVE-2025-22870 | <2.4.3-r5 |
| L | GHSA-hcg3-q754-cr77 | <2.4.3-r4 |
| L | CVE-2024-45341 | <2.4.1-r5 |
| L | CVE-2024-34156 | <2.4.0-r3 |
| L | CVE-2025-61730 | <3.0.4-r2 |
| L | Allocation of Resources Without Limits or Throttling | <3.0.4-r2 |
| L | GHSA-gm9r-q53w-2gh4 | <3.0.4-r2 |
| L | GHSA-7wrw-r4p8-38rx | <2.4.1-r5 |
| H | Authentication Bypass | <2.4.0-r4 |
| H | Loop with Unreachable Exit Condition ('Infinite Loop') | <2.4.0-r2 |
| L | GHSA-cq38-jh5f-37mq | <2.4.0-r2 |
| L | CVE-2024-41110 | <2.3.0-r1 |
| L | GHSA-v23v-6jw2-98fq | <2.3.0-r1 |
| L | GHSA-hw49-2p59-3mhj | <2.2.4-r8 |
| L | CVE-2024-24791 | <2.2.4-r8 |
| M | Information Exposure Through Log Files | <2.2.4-r7 |
| L | GHSA-v6v8-xj6m-xwqh | <2.2.4-r7 |
| M | Race Condition | <2.2.4-r6 |
| L | GHSA-m5vv-6r4h-3vj9 | <2.2.4-r6 |
| L | GHSA-236w-p7wf-5ph8 | <2.2.4-r5 |
| M | CVE-2024-24789 | <2.2.4-r5 |
| C | CVE-2024-24790 | <2.2.4-r5 |
| L | GHSA-49gw-vxvf-fc2g | <2.2.4-r5 |
| L | GHSA-5fq7-4mxc-535h | <2.2.4-r4 |
| L | CVE-2024-24787 | <2.2.4-r4 |
| L | GHSA-2jwv-jmq4-4j3r | <2.2.4-r4 |
| L | CVE-2024-24788 | <2.2.4-r4 |
| L | CVE-2023-45288 | <2.2.4-r1 |
| L | GHSA-4v7x-pqxf-cx7m | <2.2.4-r1 |
| H | Origin Validation Error | <2.2.3-r4 |
| L | GHSA-xw73-rw38-6vjc | <2.2.3-r4 |
| L | CVE-2024-24786 | <2.2.3-r3 |
| L | GHSA-8r3f-844c-mc37 | <2.2.3-r3 |
| L | CVE-2024-28180 | <2.2.3-r2 |
| L | GHSA-c5q2-7r4c-mv6g | <2.2.3-r2 |
| L | GHSA-9763-4f94-gfch | <2.2.2-r2 |
| L | GHSA-45x7-px36-x8w8 | <2.2.2-r1 |
| M | Improper Validation of Integrity Check Value | <2.2.2-r1 |
| L | GHSA-2wrh-6pvc-2jm9 | <2.2.0-r5 |
| L | GHSA-m425-mq94-257g | <2.2.0-r6 |
| L | GHSA-vfp6-jrw2-99g9 | <2.2.1-r0 |
| L | GHSA-qppj-fm5r-hxr3 | <2.2.0-r6 |
| L | GHSA-4374-p667-p6c8 | <2.2.0-r5 |
| L | GHSA-2c7c-3mj9-8fqh | <2.2.1-r1 |
| M | Loop with Unreachable Exit Condition ('Infinite Loop') | <2.2.1-r0 |
| M | Cross-site Scripting (XSS) | <2.2.0-r5 |
| H | Allocation of Resources Without Limits or Throttling | <2.2.0-r5 |
| H | CVE-2023-44487 | <2.2.0-r6 |