Powered by AI + Aikido Research team
Aikido Intel- Open Source Threat Intelligence
Your earliest warning for supply chain threats.
We expose malware and vulnerabilities in open-source ecosystems, within minutes.
vulnerabilities
7
6
7
malware
6
9
1
3
NO CVE
Low Riskpyo3 is vulnerable to Buffer Overflow
Upgrade the pyo3 library to the patch version.
Apr 1, 2025
AIKIDO-2025-10198
NO CVE
Medium Riskgithub.com/getsops/sops/v3 is vulnerable to Observable Timing Discrepancy
Upgrade the github.com/getsops/sops/v3 library to the patch version.
Apr 1, 2025
AIKIDO-2025-10197
NO CVE
Medium Risk@remix-run/express is vulnerable to Improper Input Validation
Upgrade the @remix-run/express library to the patch version.
Mar 31, 2025
AIKIDO-2025-10196
NO CVE
Medium RiskRadzen.Blazor is vulnerable to Cross-Site Scripting (XSS)
Upgrade the Radzen.Blazor library to the patch version. Note: some breaking changes have been introduced (compared to 6.3.x). Unicode symbols for icons must now be used directly as characters rather than HTML entities (e.g., replace <RadzenIcon Icon=""/> with <RadzenIcon Icon="@("")"/>). Additionally, dialog titles no longer support HTML content—developers should use DialogContent instead.
Mar 31, 2025
AIKIDO-2025-10195
NO CVE
Low Risksynapse is vulnerable to Authentication Bypass
Upgrade the synapse library to the patch version.
Mar 31, 2025
AIKIDO-2025-10194
NO CVE
High Risk@react-router/express is vulnerable to Cross-Site Request Forgery (CSRF)
Upgrade the @react-router/express library to the patch version.
Mar 31, 2025
AIKIDO-2025-10193
NO CVE
Medium Risk@auth0/nextjs-auth0 is vulnerable to Access Token Exposure
Upgrade the @auth0/nextjs-auth0 library to the patch version.
Mar 31, 2025
AIKIDO-2025-10192
NO CVE
Medium Riskaws-cdk-lib is vulnerable to Incorrect Default Permissions
Upgrade the aws-cdk-lib library to the patch version. Upgrading to the patched version alone is not sufficient; the feature flag @aws-cdk/pipelines:reduceStageRoleTrustScope must be set to true, and the infrastructure must be redeployed to fully mitigate the issue.
Mar 28, 2025
AIKIDO-2025-10191
CVE-2024-56364
Medium Riskshuchkin/simplexlsx is vulnerable to Improper Input Validation
Upgrade the shuchkin/simplexlsx library to the patch version.
Mar 28, 2025
AIKIDO-2025-10190
CVE-2025-2783
High Riskelectron is vulnerable to Sandbox Escape
Upgrade the electron library to a patch version.
Mar 28, 2025
AIKIDO-2025-10189
NO CVE
Low Riskxmas-elf is vulnerable to Out-of-bounds Read
Upgrade the xmas-elf library to the patch version.
Mar 27, 2025
AIKIDO-2025-10188
NO CVE
Low Riskalloy-primitives is vulnerable to Undefined Behavior
Upgrade the alloy-primitives library to the patch version.
Mar 26, 2025
AIKIDO-2025-10187
NO CVE
Medium Risk@payloadcms/next is vulnerable to Open Redirect
Upgrade the @payloadcms/next library to the patch version.
Mar 26, 2025
AIKIDO-2025-10186
NO CVE
Medium Riskaxios is vulnerable to Server-side Request Forgery (SSRF)
Upgrade the axios library to a patch version.
Mar 26, 2025
AIKIDO-2025-10185
NO CVE
Medium Riskaxios is vulnerable to Server-side Request Forgery (SSRF)
Upgrade the org.webjars.npm:axios library to a patch version.
Mar 26, 2025
AIKIDO-2025-10184
NO CVE
Medium Riskdecode-formdata is vulnerable to Prototype Pollution
Upgrade the decode-formdata library to the patch version.
Mar 26, 2025
AIKIDO-2025-10183
NO CVE
Low Risk@boxyhq/saml-jackson is vulnerable to Cross-site Scripting (XSS)
Upgrade the @boxyhq/saml-jackson library to the patch version.
Mar 26, 2025
AIKIDO-2025-10182
CVE-2025-0426
Medium Risksigs.k8s.io/azuredisk-csi-driver is vulnerable to Uncontrolled Resource Consumption
Upgrade the sigs.k8s.io/azuredisk-csi-driver library to the patch version.
Mar 26, 2025
AIKIDO-2025-10181
NO CVE
Low Riskgithub.com/quic-go/quic-go is vulnerable to Uncaught Exception
Upgrade the github.com/quic-go/quic-go library to the patch version.
Mar 25, 2025
AIKIDO-2025-10180
NO CVE
Medium Risktrust-dns-proto is vulnerable to Use of Unmaintained Third Party Components
Remove any trust-dns-proto package from your application. Please take a look at <a href="https://crates.io/crates/hickory-proto">hickory-proto</a> instead.
Mar 25, 2025
AIKIDO-2025-10179
NO CVE
Low Riskgithub.com/Clickhouse/Clickhouse-go/v2 is vulnerable to Race Condition
Upgrade the github.com/Clickhouse/Clickhouse-go/v2 library to the patch version.
Mar 25, 2025
AIKIDO-2025-10178
NO CVE
Medium Riskcopy-anything is vulnerable to Prototype Pollution
Upgrade the copy-anything library to the patch version.
Mar 25, 2025
AIKIDO-2025-10177
NO CVE
Medium Riskmerge-anything is vulnerable to Prototype Pollution
Upgrade the merge-anything library to the patch version.
Mar 25, 2025
AIKIDO-2025-10176
NO CVE
Low Riskgithub.com/buildkite/agent/v3 is vulnerable to Exposure of Sensitive Information
Upgrade the github.com/buildkite/agent/v3 library to the patch version.
Mar 25, 2025
AIKIDO-2025-10175
CVE-2025-25500
Medium Riskcosmwasm-std is vulnerable to Authentication Bypass
Upgrade the cosmwasm-std library to the patch version.
Mar 21, 2025
AIKIDO-2025-10174
NO CVE
High Riskelectron is vulnerable to Type Confusion
Upgrade the electron library to a patch version.
Mar 21, 2025
AIKIDO-2025-10173
CVE-2025-22223
High Riskspring-security-config is vulnerable to Authorization Bypass
Upgrade the spring-security-config library to the patch version. If upgrading is not an option, you can either ensure annotations are placed on the target method instead of its parameterized ancestor or publish an AuthorizationManagerBeforeMethodInterceptor to correctly detect annotations on parameterized types.
Mar 20, 2025
AIKIDO-2025-10172
CVE-2025-22228
High Riskspring-security-crypto is vulnerable to Improper Authentication
Upgrade the spring-security-crypto library to the patch version.
Mar 20, 2025
AIKIDO-2025-10171
NO CVE
High Riskanyio is vulnerable to Race Condition
Upgrade the anyio library to the patch version.
Mar 20, 2025
AIKIDO-2025-10170
CVE-2025-22868
High Riskgolang.org/x/oauth2 is vulnerable to Unlimited Resource Consumption
Upgrade the golang.org/x/oauth2 library to the patch version.
Mar 20, 2025
AIKIDO-2025-10169
NO CVE
Medium Riskflutter_callkit_incoming is vulnerable to Improper Access Control
Upgrade the flutter_callkit_incoming library to the patch version.
Mar 19, 2025
AIKIDO-2025-10168
NO CVE
High Risk@syncfusion/ej2-base is vulnerable to Prototype Pollution
Upgrade the @syncfusion/ej2-base library to the patch version.
Mar 19, 2025
AIKIDO-2025-10167
NO CVE
Medium Riskclevertap-react-native is vulnerable to Inadequate Encryption Strength
Upgrade the clevertap-react-native library to the patch version
Mar 18, 2025
AIKIDO-2025-10166
NO CVE
Low RiskMicrosoft.VisualStudio.Threading is vulnerable to Race Condition
Upgrade the Microsoft.VisualStudio.Threading library to the patch version.
Mar 18, 2025
AIKIDO-2025-10165
NO CVE
Low Risklangchain is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the langchain library to the patch version.
Mar 18, 2025
AIKIDO-2025-10164
NO CVE
High Riskn8n-nodes-base is vulnerable to SQL injection
Upgrade the n8n-nodes-base library to the patch version.
Mar 18, 2025
AIKIDO-2025-10163
Our intel, your security
Open-source
Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.
License the intel database
Want to integrate our threat intelligence into your product? Get access through our commercial API.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.