Verification of Sigstore signatures
94%
Total Score
71
100
100
100
100
| Title | Versions | Severity |
|---|---|---|
CVE-2026-48816 @sigstore/verify is vulnerable to Insufficient Verification of Data Authenticity in versions 3.1.0 - 3.1.0. | 3.1.0 - 3.1.0 | Medium |
| Dependency | Last Release | Score |
|---|---|---|
@sigstore/core Version ^4.0.1 | — | — |
@sigstore/bundle Version ^5.0.0 | — | — |
@sigstore/protobuf-specs Version ^0.5.0 | — | — |
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant