CVE-2023-46737 - Denial of Service in Cosign via Attacker-Controlled Registries
Cosign is a popular open-source tool from sigstore used for signing and verifying OCI container images. It's a trusted part of many cloud-native
CVE-2023-30551 - Out-Of-Memory Vulnerability in Rekor <1.1.1—How Attackers Could Crash Open Source Supply Chain Logs
Rekor is an open-source tool designed to bring transparency to the software supply chain. It acts as a public log for recording cryptographic metadata