CVE-2023-46737: Cosign Vulnerability to Denial of Service via Attacker-Controlled Registry
Summary: The popular sigstore signing tool for OCI containers, Cosign, is vulnerable to a denial of service by an attacker-controlled registry. An attacker can cause
CVE-2023-30551: Rekor Open Source Software Supply Chain Transparency Log - Out of Memory Vulnerability
Rekor is an open source software that provides a transparency log for the software supply chain. However, there has been a vulnerability identified in versions