github.com/theupdateframework/go-tuf/v2
Go | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/theupdateframework/go-tuf/v2
- CVE-2024-47534 | HIGH | CVSS 8.2 | EG 0.0 | ✓ Fixed in 2.0.1 | 2024-10-01
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegatio…
- CVE-2026-23991 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.3.1 | 2026-01-22
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata…
- CVE-2026-23992 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.3.1 | 2026-01-22
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectiv…