slsa-verifier vulnerable to improper validation of npm's publish attestations in github.com/slsa-framework/slsa-verifier
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-2188" }