VYPR
Vendor

Stacklok

Products
2
CVEs
10
Across products
10
Status
Private

Products

2

Recent CVEs

10
  • CVE-2025-65109HigNov 21, 2025
    risk 0.55cvss epss 0.00

    Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not…

  • CVE-2024-34084HigMay 7, 2024
    risk 0.42cvss 7.5epss 0.01

    Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the…

  • CVE-2024-37904MedJun 18, 2024
    risk 0.30cvss 5.7epss 0.00

    Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the `github.com/go-git/go-git/v5` library on lines…

  • CVE-2024-35238MedMay 27, 2024
    risk 0.27cvss 5.3epss 0.01

    Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the…

  • CVE-2024-35194MedMay 20, 2024
    risk 0.27cvss 5.3epss 0.00

    Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use…

  • CVE-2024-35185MedMay 16, 2024
    risk 0.27cvss 5.3epss 0.00

    Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST…

  • CVE-2024-31455MedApr 9, 2024
    risk 0.21cvss 4.3epss 0.01

    Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing…

  • CVE-2025-47274LowMay 12, 2025
    risk 0.09cvss epss 0.00

    ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are…

  • CVE-2024-27916Mar 6, 2024
    risk 0.00cvss epss 0.01

    Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any…

  • CVE-2024-27093Feb 26, 2024
    risk 0.00cvss epss 0.01

    Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes…