Browse all 7 CVE security advisories affecting notaryproject. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Notaryproject is an open-source software supply chain security framework designed to verify software integrity through cryptographic signatures. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its seven recorded CVEs. The platform's security model relies on cryptographic verification but has faced implementation weaknesses that allow attackers to bypass signature checks or inject malicious code. While no major public security incidents have been widely reported, the consistent discovery of critical vulnerabilities in its codebase highlights ongoing challenges in maintaining secure software verification processes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-51491 | Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go — notation-goCWE-703 | 3.3 | Low | 2025-01-13 |
| CVE-2024-56138 | Timestamp signature generation lacks certificate revocation check in notion-go — notation-goCWE-299 | 4.0 | Medium | 2025-01-13 |
| CVE-2024-23332 | Client configured with permissive trust policies susceptible to rollback attack in Notary Project — specificationsCWE-672 | 4.0 | Medium | 2024-01-19 |
| CVE-2023-33959 | Verification bypass can cause users into verifying the wrong artifact — notation-goCWE-347 | 8.4 | High | 2023-06-06 |
| CVE-2023-33958 | Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation — notationCWE-400 | 5.4 | Medium | 2023-06-06 |
| CVE-2023-33957 | Denial of service from high number of artifact signatures in notation — notationCWE-400 | 2.6 | Low | 2023-06-06 |
| CVE-2023-25656 | notation-go has excessive memory allocation on verification — notation-goCWE-770 | 7.5 | High | 2023-02-20 |
This page lists every published CVE security advisory associated with notaryproject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.