CLEANSTART-2026-ZM74354

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-ZM74354.json
JSON Data
https://api.osv.dev/v1/vulns/CLEANSTART-2026-ZM74354
Upstream
  • ghsa-4qg8-fj49-pxjh
  • ghsa-59jp-pj84-45mr
  • ghsa-846p-jg2w-w324
  • ghsa-fcv2-xgw5-pqxf
  • ghsa-fphv-w9fq-2525
  • ghsa-jqc5-w2xx-5vq4
Published
2026-04-01T09:34:33.540169Z
Modified
2026-07-08T00:45:18.056802049Z
Summary
Security fixes for CVE-2025-61732, CVE-2025-66506, CVE-2025-66564, CVE-2025-68121, CVE-2026-22772, CVE-2026-23991, CVE-2026-23992, CVE-2026-24137, CVE-2026-24686, CVE-2026-25679, CVE-2026-26958, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-4qg8-fj49-pxjh, ghsa-59jp-pj84-45mr, ghsa-846p-jg2w-w324, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4 applied in versions: 0.7.31-r0, 0.7.31-r1, 0.7.31-r2
Details

Multiple security vulnerabilities affect the sigstore-scaffolding package. These issues are resolved in later releases. See references for individual vulnerability details.

References

Affected packages

CleanStart / sigstore-scaffolding

Package

Name
sigstore-scaffolding

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.31-r2

Database specific

source
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-ZM74354.json"