Welcome to Inedo Security Labs

Established in 2023, we are a team of security researchers focused on improving Software Supply Chain Security. We curate the ProGet Vulnerability Database (PGVD) and publish clear, practical write-ups to help teams understand real-world risk—not just theoretical severity.

To better prioritize that risk, we created the ProGet Vulnerability Rating System (PVRS). Instead of relying on CVSS scores, PVRS uses simple categories to reflect real-world impact and urgency. It highlights what can be safely monitored versus what requires immediate action, including the most critical Category 5 vulnerabilities.

  • 171914 Detected Vulnerabilities
  • 237909 Malicious Packages
  • 16 Category 5 Vulnerabilities

Latest Vulnerabilities Detected

PVRS Category | Vulnerability ID | Summary | Package
 | PGV-2642401 | Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections | puma
 | PGV-264211M | Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion | puma
 | PGV-264210P | Dulwich has unbounded memory allocation in receive-pack from crafted thin packs | dulwich
 | PGV-264210O | Dulwich has unbounded memory allocation in receive-pack from crafted thin packs | dulwich
 | PGV-264210H | FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions | fuxa-server

Meet the Inedo Security Labs Team

We're a small but focused team that reports directly to Inedo's CEO, Alex Papadimoulis. Our experience is diverse, spanning a range of domains and technologies, from Java in the banking sector to legacy Windows systems in mining to advancements in cloud-native and machine learning. And although we're new to the Inedo team, we started with a ton of experience in Inedo's products.

Our Analysts

Pete Barnum
Senior Security Analyst
Pete has a background in regulatory compliance, with a focus on cybersecurity, SDLC auditing, risk management, disaster recovery, and IT vendor management. He's worked in the banking, logistics, and government sectors... but not yet the live/traveling entertainment industry.

Kim Pento
Chief Security Researcher
As Chief Security Researcher at Inedo Security Labs, Kim leverages her 20 years of expertise in cybersecurity in highly regulated sectors, oversees the team, and was a key figure alongside Alex Papadimoulis, CEO of Inedo, in the establishment of Inedo Security Labs.

Tod Hoven
Security Analyst
Tod is a former ProGet product engineer who transitioned into a career as a security researcher. He is interested in analyzing and dissecting various software and systems to discover potential vulnerabilities and threats, as well as in vulnerability assessment, penetration testing, and threat modeling.