Severity: Critical
CVSS Score: 9.8
TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.