Ecosyste.ms: Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 7.8% on proxy.golang.org
Top 6.0% forks on proxy.golang.org

proxy.golang.org : github.com/stacklok/minder

Secure Software Supply Chain Platform

Registry - Source - Documentation - JSON
purl: pkg:golang/github.com/stacklok/minder
Keywords: security, supply-chain
License: Apache-2.0
Latest release: 3 months ago
First release: 9 months ago
Namespace: github.com/stacklok
Stars: 79 on GitHub
Forks: 12 on GitHub
See more repository details: repos.ecosyste.ms
Last synced: 12 days ago

High

GSA_kwCzR0hTQS05YzV3LTlxM2YtM2h2N84AA70G

Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
Ecosystems: go
Packages: github.com/stacklok/minder
Source: github
Published: 19 days ago

Moderate

GSA_kwCzR0hTQS1nZ3A1LTI4eDQteGNqOc4AA6wX

Minder GetRepositoryByName data leak
Ecosystems: go
Packages: github.com/stacklok/minder
Source: github
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS1manc4LTNncDgtNGN2eM4AA8Kw

Denial of service of Minder Server with attacker-controlled REST endpoint
Ecosystems: go
Packages: github.com/stacklok/minder
Source: github
Published: 10 days ago

Moderate

GSA_kwCzR0hTQS1jcmdjLTI1ODMtcncyN84AA8WN

Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Ecosystems: go
Packages: github.com/stacklok/minder
Source: github
Published: 6 days ago

Moderate

GSA_kwCzR0hTQS1xNmg4LTRqMnYtcGpnNM4AA5gv

Minder trusts client-provided mapping from repo name to upstream ID
Ecosystems: go
Packages: github.com/stacklok/minder
Source: github
Published: 3 months ago

High

GSA_kwCzR0hTQS12NjI3LTY5djIteHgzN84AA5xb

`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Ecosystems: go
Packages: github.com/stacklok/minder
Source: github
Published: 3 months ago