Browse all 9 CVE security advisories affecting Stacklok. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Stacklok provides software supply chain security solutions focused on vulnerability detection and compliance enforcement. Historically, the organization's products have addressed common vulnerability classes including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. With nine CVEs currently on record, Stacklok's security characteristics center on proactive vulnerability management and open-source component analysis. While no major security incidents have been publicly documented, the organization's CVE history reflects typical challenges in securing complex software ecosystems. The company's core use case centers on helping organizations identify and remediate vulnerabilities in their software supply chains, with an emphasis on open-source component management and compliance monitoring.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47274 | ToolHive stores secrets in the state store with no encryption (toolhive, CWE-311) | 6.5 (AI) | Medium (AI) | 2025-05-12 |
This page lists every published CVE security advisory associated with Stacklok. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.