id: GO-2022-0326
excluded: EFFECTIVELY_PRIVATE
modules:
  - module: github.com/sigstore/cosign
cves:
  - CVE-2022-23649
ghsas:
  - GHSA-ccxc-vr6p-4858