{"id":3494016,"name":"github.com/docker/notary","ecosystem":"go","description":"","homepage":"https://github.com/docker/notary","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/docker/notary","keywords_array":[],"namespace":"github.com/docker","versions_count":18,"first_release_published_at":"2016-02-25T00:40:56.000Z","latest_release_published_at":"2021-01-14T13:39:57.000Z","latest_release_number":"v0.7.0","last_synced_at":"2026-06-27T10:56:18.212Z","created_at":"2022-04-10T19:21:04.012Z","updated_at":"2026-06-27T10:56:18.212Z","registry_url":"https://pkg.go.dev/github.com/docker/notary","install_command":"go get github.com/docker/notary","documentation_url":"https://pkg.go.dev/github.com/docker/notary#section-documentation","metadata":{},"repo_metadata":{"uuid":"37743436","full_name":"notaryproject/notary","owner":"notaryproject","description":"Notary is a project that allows anyone to have trust over arbitrary collections of data","archived":false,"fork":false,"pushed_at":"2023-03-07T03:26:28.000Z","size":42190,"stargazers_count":3000,"open_issues_count":309,"forks_count":524,"subscribers_count":112,"default_branch":"master","last_synced_at":"2023-03-19T11:49:55.588Z","etag":null,"topics":["cncf","docker","trust"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"logo_url":null,"metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-06-19T20:07:53.000Z","updated_at":"2023-03-18T08:57:20.000Z","dependencies_parsed_at":"2023-02-13T01:15:39.250Z","dependency_job_id":null,"html_url":"https://github.com/notaryproject/notary","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/notaryproject%2Fnotary","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/notaryproject%2Fnotary/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/notaryproject%2Fnotary/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/notaryproject","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":108921946,"host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names"}},"repo_metadata_updated_at":"2023-03-21T18:38:19.439Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":12,"rankings":{"downloads":null,"dependent_repos_count":1.523723210578428,"dependent_packages_count":9.555658915966655,"stargazers_count":1.2549144077109413,"forks_count":1.2489257920692765,"docker_downloads_count":null,"average":3.395805581581325},"purl":"pkg:golang/github.com/docker/notary","advisories":[{"uuid":"GSA_kwCzR0hTQS03ODVoLWhyZjctZ3F4Y84AAXBI","url":"https://github.com/advisories/GHSA-785h-hrf7-gqxc","title":"Docker Notary Signature Algorithm Not Matched to Key vulnerability","description":"In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T03:28:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2015-9258","https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf","https://web.archive.org/web/20160305015752/https://docs.docker.com/notary/changelog/","https://github.com/advisories/GHSA-785h-hrf7-gqxc"],"source_kind":"github","identifiers":["GHSA-785h-hrf7-gqxc","CVE-2015-9258"],"repository_url":"https://github.com/theupdateframework/notary","blast_radius":0.0,"created_at":"2023-08-02T21:03:51.049Z","updated_at":"2026-06-20T04:08:28.403Z","epss_percentage":0.01063,"epss_percentile":0.60212,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ODVoLWhyZjctZ3F4Y84AAXBI","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03ODVoLWhyZjctZ3F4Y84AAXBI","packages":[{"ecosystem":"go","package_name":"github.com/docker/notary","versions":[{"first_patched_version":"0.1.0","vulnerable_version_range":"\u003c 0.1.0"}],"purl":"pkg:go/github.com%2Fdocker%2Fnotary"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ODVoLWhyZjctZ3F4Y84AAXBI/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/docker/notary","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/docker/notary","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/docker/notary/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2023-05-28T16:46:38.870Z","issues_count":45,"pull_requests_count":56,"avg_time_to_close_issue":27193904.666666668,"avg_time_to_close_pull_request":46373798.625,"issues_closed_count":9,"pull_requests_closed_count":32,"pull_request_authors_count":25,"issue_authors_count":40,"avg_comments_per_issue":2.088888888888889,"avg_comments_per_pull_request":2.0357142857142856,"merged_pull_requests_count":13,"bot_issues_count":0,"bot_pull_requests_count":7,"past_year_issues_count":12,"past_year_pull_requests_count":22,"past_year_avg_time_to_close_issue":451186.0,"past_year_avg_time_to_close_pull_request":1614044.8,"past_year_issues_closed_count":2,"past_year_pull_requests_closed_count":5,"past_year_pull_request_authors_count":10,"past_year_issue_authors_count":12,"past_year_avg_comments_per_issue":1.3333333333333333,"past_year_avg_comments_per_pull_request":0.5909090909090909,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":6,"past_year_merged_pull_requests_count":3},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fnotary/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fnotary/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fnotary/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fnotary/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fnotary/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fnotary/codemeta","maintainers":[]}