Stacklok Minder

8 CVEs affecting Stacklok Minder. Latest disclosed: 2024-06-18. Critical: 0, High: 2.

Top CVEs affecting Stacklok Minder
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-34084 | High | 7.5 | 2024-05-07 | Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has bee… |
| CVE-2024-27916 | High | 7.1 | 2024-03-21 | Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByNam… |
| CVE-2024-37904 | Medium | 5.7 | 2024-06-18 | Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitH… |
| CVE-2024-35238 | Medium | 5.3 | 2024-05-27 | Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack… |
| CVE-2024-35194 | Medium | 5.3 | 2024-05-20 | Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that c… |
| CVE-2024-35185 | Medium | 5.3 | 2024-05-16 | Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attac… |
| CVE-2024-27093 | Medium | 4.6 | 2024-02-26 | Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with an invalid or d… |
| CVE-2024-31455 | Medium | 4.3 | 2024-04-09 | Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories re… |