Welcome to Inedo Security Labs

Established in 2023, we're a team of security researchers who work closely with Inedo's product engineers, solution architects, and leadership to improve Software Supply Chain Security for our customers and beyond. We accomplish this through research (some of which is published in our SecLib), as well as advisory and consulting services.

We also curate the ProGet Vulnerability Database (PGVD), an aggregation of publicly disclosed vulnerabilities from a variety of sources, along with malicious packages we've detected. In addition, we publish easy-to-understand write-ups of prominent vulnerabilities, so that you don't have to be a security researcher yourself to learn how to protect yourself.

  • 104282 Detected Vulnerabilities
  • 43257 Malicious Packages
  • 6885 Vulnerability Write-ups
  • 25 Weakness Write-ups

Latest Vulnerabilities Detected

| CVSS Score | Vulnerability ID | Summary | Package |
|---|---|---|---|
| 6.9 | PGV-2548403 | ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions | ethereum (cargo) |
| 6.5 | PGV-2548476 | RHSA-2025:10246: thunderbird security update (Important) | thunderbird (rpm) |
| 6.5 | PGV-2548475 | RHSA-2025:10217: ruby:3.3 security update (Moderate) | ruby, ruby-bundled-gems, ruby-default-gems, ruby-devel, ruby-doc, rubygem-abrt, rubygem-abrt-doc, rubygem-bigdecimal, rubygem-bundler, rubygem-io-console, rubygem-irb, rubygem-json, rubygem-minitest, rubygem-mysql2, rubygem-mysql2-doc, rubygem-pg, rubygem-pg-doc, rubygem-power_assert, rubygem-psych, rubygem-racc, rubygem-rake, rubygem-rbs, rubygem-rdoc, rubygem-rexml, rubygem-rss, rubygems, rubygems-devel, rubygem-test-unit, rubygem-typeprof, ruby-libs (rpm) |
| 7.0 | PGV-2548474 | RHSA-2025:10219: glibc security update (Moderate) | glibc, glibc-common, glibc-devel, glibc-headers, glibc-static, glibc-utils, nscd (rpm) |
| 7.0 | PGV-2548412 | RHSA-2025:10211: kernel security update (Moderate) | bpftool x86_64, kernel x86_64, kernel-abi-stablelists, kernel-core x86_64, kernel-cross-headers x86_64, kernel-debug x86_64, kernel-debug-core x86_64, kernel-debug-devel x86_64, kernel-debug-modules x86_64, kernel-debug-modules-extra x86_64, kernel-devel x86_64, kernel-doc, kernel-headers x86_64, kernel-modules x86_64, kernel-modules-extra x86_64, kernel-tools x86_64, kernel-tools-libs x86_64, perf x86_64, python3-perf x86_64 (rpm) |

Meet the Inedo Security Labs Team

We're a small but focused team that reports directly to Inedo's CEO, Alex Papadimoulis. Our experience is diverse, spanning a range of domains and technologies, from Java in the banking sector to legacy Windows systems in mining, to advancements in cloud-native and machine learning. And although we're new to the Inedo team, we started with a ton of experience in Inedo's products.

Our Analysts

Pete Barnum
Senior Security Analyst
Pete has a background in regulatory compliance, with a focus on cybersecurity, SDLC auditing, risk management, disaster recovery, and IT vendor management. He's worked in the Banking, Logistics, and Government sectors... but not yet the live/traveling entertainment industry.

Kim Pento
Chief Security Researcher
As Chief Security Researcher at Inedo Security Labs, Kim leverages her 20 years of expertise in cybersecurity in highly regulated sectors, oversees the team, and was a key figure alongside Alex Papadimoulis, CEO of Inedo, in the establishment of Inedo Security Labs.

Tod Hoven
Security Analyst
Tod is a former ProGet product engineer who transitioned into a career as a security researcher. He is interested in analyzing and dissecting various software and systems to discover potential vulnerabilities and threats, as well as in vulnerability assessment, penetration testing, and threat modeling.