sigstore
Security Scorecard
Score
92B
Total CVEs
7
Patch Rate
86%
6 patched
Avg Response
-
days to patch
Critical Gaps
0
exploitable, no detection
Severity Breakdown
Critical0
High2
Medium5
Low0
Patch Status
Patched6 (86%)
Partial/Workaround0 (0%)
Unpatched1 (14%)
CVEs (7)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2026-24137 | Sigstore TUF Client Cache Vulnerability | Medium | 5.8 | - | Patched |
| CVE-2026-23831 | Rekor Panic | Medium | 5.3 | 0d | Unpatched |
| CVE-2026-24117 | Rekor SSRF Vulnerability | Medium | 5.3 | - | Patched |
| CVE-2026-22772 | Fulcio Code Signing Certificate SSRF Vulnerability | Medium | 5.8 | - | Patched |
| CVE-2026-22703 | CVE-2026-22703 | Medium | 5.5 | - | Patched |
| CVE-2025-66506 | Fulcio Certificate Authority Vulnerability | High | 7.5 | - | Patched |
| CVE-2025-66564 | Sigstore Timestamp Authority Denial of Service | High | 7.5 | - | Patched |