github.com/stacklok/minder (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/stacklok/minder, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2024-34084 — CVSS 7.5 (high): Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before…
CVE-2024-27916 — CVSS 7.1 (high): Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`…
CVE-2024-37904 — CVSS 5.7 (medium): Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a…
CVE-2024-35185 — CVSS 5.3 (medium): Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service…
CVE-2024-35194 — CVSS 5.3 (medium): Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from…
CVE-2024-35238 — CVSS 5.3 (medium): Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a…
CVE-2024-27093 — CVSS 4.6 (medium): Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository…
CVE-2024-31455 — CVSS 4.3 (medium): Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get…