
CVE-2025-47274 – ToolHive stores secrets in the state store with no encryption
https://notcve.org/view.php?id=CVE-2025-47274
12 May 2025 — ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secret... • https://github.com/stacklok/toolhive/commit/e8efa1b1d7b0776a39339257d30bf6c4a171f2b8 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2024-37904 – Denial of service from maliciously configured Git repository in Minder
https://notcve.org/view.php?id=CVE-2024-37904
18 Jun 2024 — Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users' repositories using the `github.com/go-git/go-git/v5` library on lines `L55-L89`. The Git provider does the following on the lines `L56-L62`. First, it sets the `CloneOptions`, specifying the URL, the depth, etc. • https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L55-L89 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-35238 – Denial of service of Minder Server from maliciously crafted GitHub attestations
https://notcve.org/view.php?id=CVE-2024-35238
27 May 2024 — Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minder's sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on the response body. An attacker can exploit this by making Minder make a request to an attacker-controlled endpoin... • https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/verifier/sigstore/container/container.go#L271-L300 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-35194 – Stacklok Minder vulnerable to denial of service from maliciously crafted templates
https://notcve.org/view.php?id=CVE-2024-35194
20 May 2024 — Minder is a software supply chain security platform. Prior to version 0.0.50, the Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. The Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, and descriptions for advisories. In some cases the user can control both the template and the params for it, and in a subset of these cases, Minder reads the generated template entirely into ... • https://github.com/stacklok/minder/commit/fe321d345b4f738de6a06b13207addc72b59f892 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-35185 – Denial of service of Minder Server with attacker-controlled REST endpoint
https://notcve.org/view.php?id=CVE-2024-35185
16 May 2024 — Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends a request to an endpoint and will use the data from the body of the response as the data to evaluate against a certain rule. If the resp... • https://github.com/stacklok/minder/commit/065049336aac0621ee00a0bb2211f8051d47c14b • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-34084 – Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests
https://notcve.org/view.php?id=CVE-2024-34084
07 May 2024 — Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48. • https://github.com/stacklok/minder/commit/3e5a527d2f1b535159206161d1d519602c75bd0d • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-31455 – Minder GetRepositoryByName data leak
https://notcve.org/view.php?id=CVE-2024-31455
09 Apr 2024 — Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parentheses, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`. • https://github.com/stacklok/minder/commit/11b6573ad62cfdd783a8bb52f3fce461466037f4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-27916 – `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
https://notcve.org/view.php?id=CVE-2024-27916
06 Mar 2024 — Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, the... • https://github.com/stacklok/minder/blob/a115c8524fbd582b2b277eaadce024bebbded508/internal/controlplane/handlers_repositories.go#L277-L278 • CWE-285: Improper Authorization •

CVE-2024-27093 – Minder trusts client-provided mapping from repo name to upstream ID
https://notcve.org/view.php?id=CVE-2024-27093
26 Feb 2024 — Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with an invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with policy (because the webhooks for the repo do not match any known repository in the database). When attempting to register a repo with a different repo ID, the registered provider must have admin on the named repo, ... • https://github.com/stacklok/minder/commit/53868a878e93f29c43437f96dbc990b548e48d1d • CWE-20: Improper Input Validation •