Cross-Site Request Forgery (CSRF)
Inedo ProGet Beta5 has CSRF, allowing an attacker to change advanced settings.
Advisories for Nuget/Inedo.ProGet.SDK package
2018
2017
Improper Input Validation
Inedo ProGet does not properly address dangerous package IDs during package addition, aka PG-1060.