diff --git a/falcoctl.advisories.yaml b/falcoctl.advisories.yaml
index 0b64f3bb97..13a64e2378 100644
--- a/falcoctl.advisories.yaml
+++ b/falcoctl.advisories.yaml
@@ -246,6 +246,13 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/falcoctl
 scanner: grype
+ - timestamp: 2025-12-12T13:13:10Z
+ type: pending-upstream-fix
+ data:
+ note: |
+ The github.com/sigstore/timestamp-authority dependency is a transient dependency from github.com/sigstore/cosign which is currently at v2.6.2.
+ The timestamp-authority dependency on the cosign project has been bumped to v2.0.3 on cosign v3.0.3.
+ Upstream has to make the necessary code changes to support the new cosign v3.0.3 in order to pull in the newer timestamp-authority transitive dependency.
 - id: CGA-8cf3-9hvr-pv88
 aliases:
@@ -896,6 +903,13 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/falcoctl
 scanner: grype
+ - timestamp: 2025-12-12T13:15:35Z
+ type: pending-upstream-fix
+ data:
+ note: |
+ The github.com/sigstore/fulcio dependency is a transient dependency from github.com/sigstore/cosign which is currently at v2.4.3.
+ The fulcio dependency on the cosign project has been bumped to v1.8.3 on cosign v3.0.3.
+ Upstream has to make the necessary code changes to support the new cosign v3.0.3 in order to pull in the newer fulcio transitive dependency.
 - id: CGA-vm33-xg2q-8gjg
 aliases:
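Review bot: The two added notes disagree about the cosign version falcoctl currently pulls in: the timestamp-authority note in the first hunk says `currently at v2.6.2`, while the fulcio note in the second hunk says `currently at v2.4.3`, although both events are stamped about two minutes apart and the surrounding context points at the same `/usr/bin/falcoctl` component. A `pending-upstream-fix` justification can only be re-checked later if the pinned version it cites is right, so one of the two figures should be corrected against the cosign version falcoctl actually requires (presumably in its go.mod). Both notes also open with `transient dependency` where their last sentence correctly says `transitive dependency`; suggest `is a transitive dependency of github.com/sigstore/cosign`. It would help whoever revisits these advisories if each note named the upstream falcoctl issue or PR tracking the move to cosign v3, assuming one exists.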