github.com/notaryproject/notation-go
Go | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/notaryproject/notation-go
- CVE-2023-25656 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.0.0-rc.3 | 2023-02-20
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. Th…
- CVE-2023-33959 | HIGH | CVSS 8.3 | EG 8.3 | ✓ Fixed in 1.0.0-rc.6 | 2023-06-06
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgr…
- CVE-2024-51491 | LOW | CVSS 3.3 | EG 3.3 | ✓ Fixed in 1.3.0-rc.2 | 2025-01-13
vulnerable: 1.3.0-rc.1
notation-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocati…
- CVE-2024-56138 | MEDIUM | CVSS 4.0 | EG 4.0 | ✓ Fixed in 1.3.0-rc.2 | 2025-01-13
notation-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature genera…