Browse all 7 CVE security advisories affecting notaryproject. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Notaryproject is an open-source software supply chain security framework designed to verify software integrity through cryptographic signatures. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its seven recorded CVEs. The platform's security model relies on cryptographic verification but has faced implementation weaknesses that allow attackers to bypass signature checks or inject malicious code. While no major public security incidents have been widely reported, the consistent discovery of critical vulnerabilities in its codebase highlights ongoing challenges in maintaining secure software verification processes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-33958 | Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation — notation (CWE-400) | 5.4 | Medium | 2023-06-06 |
| CVE-2023-33957 | Denial of service from high number of artifact signatures in notation — notation (CWE-400) | 2.6 | Low | 2023-06-06 |
This page lists every published CVE security advisory associated with notaryproject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.