Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

NO CVE
Low Risk
@cubejs-backend/api-gateway is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the @cubejs-backend/api-gateway library to the patch version.
Sep 1, 2025
AIKIDO-2025-10598
NO CVE
Medium Risk
@mapbox/mapbox-gl-geocoder is vulnerable to Cross-site Scripting (XSS)
Upgrade the @mapbox/mapbox-gl-geocoder library to the patch version.
Sep 1, 2025
AIKIDO-2025-10597
NO CVE
Medium Risk
async-std is vulnerable to Use of Unmaintained Third Party Components
Remove any async-std package from your application. Please take a look at smol (https://crates.io/crates/smol) instead.
Sep 1, 2025
AIKIDO-2025-10596
NO CVE
Low Risk
joserfc is vulnerable to Improper Verification of Cryptographic Signature
Upgrade the joserfc library to the patch version.
Sep 1, 2025
AIKIDO-2025-10595
NO CVE
Low Risk
temporal_rs is vulnerable to Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Upgrade the temporal_rs library to the patch version.
Sep 1, 2025
AIKIDO-2025-10594
NO CVE
Medium Risk
github.com/aws/aws-sdk-go is vulnerable to Use of Unmaintained Third Party Components
Remove any github.com/aws/aws-sdk-go package from your application. Please take a look at github.com/aws/aws-sdk-go-v2 (https://pkg.go.dev/github.com/aws/aws-sdk-go-v2) instead.
Aug 29, 2025
AIKIDO-2025-10593
CVE-2025-9549
Medium Risk
drupal/facets is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the drupal/facets library to the patch version.
Aug 28, 2025
AIKIDO-2025-10592
CVE-2025-2180
Critical
checkov is vulnerable to Unsafe Deserialization
Upgrade checkov to the patch version.
Aug 28, 2025
AIKIDO-2025-10591
CVE-2025-9550
Medium Risk
drupal/facets is vulnerable to Cross-site Scripting (XSS)
Upgrade the drupal/facets library to the patch version.
Aug 28, 2025
AIKIDO-2025-10590
CVE-2025-9551
Medium Risk
drupal/protected_pages is vulnerable to Improper Restriction of Excessive Authentication Attempts
If you use the Protected Pages module for Drupal 8.x, upgrade the drupal/protected_pages library to the patch version.
Aug 28, 2025
AIKIDO-2025-10589
NO CVE
Low Risk
alloy-eips is vulnerable to Integer Overflow
Upgrade the alloy-eips library to the patch version.
Aug 27, 2025
AIKIDO-2025-10588
NO CVE
Low Risk
Altinn.App.Api is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the Altinn.App.Api library to the patch version.
Aug 27, 2025
AIKIDO-2025-10587
NO CVE
Medium Risk
github.com/getkin/kin-openapi is vulnerable to Path Traversal
Upgrade the github.com/getkin/kin-openapi library to the patch version.
Aug 25, 2025
AIKIDO-2025-10586
CVE-2025-23303
High Risk
nemo-toolkit is vulnerable to Unsafe Deserialization
Upgrade the nemo-toolkit library to the patch version.
Aug 25, 2025
AIKIDO-2025-10585
NO CVE
Low Risk
repomix is vulnerable to Argument Injection
Upgrade the repomix library to the patch version.
Aug 25, 2025
AIKIDO-2025-10584
NO CVE
Medium Risk
@modelcontextprotocol/sdk is vulnerable to Cross-site Scripting (XSS)
Upgrade the @modelcontextprotocol/sdk library to the patch version.
Aug 25, 2025
AIKIDO-2025-10583
NO CVE
Medium Risk
jupyter-server is vulnerable to Cross-Site Request Forgery (CSRF)
Upgrade the jupyter-server library to the patch version.
Aug 25, 2025
AIKIDO-2025-10582
NO CVE
Low Risk
multisafepay/php-sdk is vulnerable to Timing Attacks
Upgrade the multisafepay/php-sdk library to the patch version.
Aug 25, 2025
AIKIDO-2025-10581
NO CVE
High Risk
tokio-websockets is vulnerable to Out-of-bounds Read
Upgrade the tokio-websockets library to the patch version.
Aug 25, 2025
AIKIDO-2025-10580
NO CVE
Medium Risk
@tdewolff/minify is vulnerable to Uncontrolled Resource Consumption
Upgrade the @tdewolff/minify library to the patch version.
Aug 25, 2025
AIKIDO-2025-10579
NO CVE
Medium Risk
github.com/tdewolff/minify/v2 is vulnerable to Uncontrolled Resource Consumption
Upgrade the github.com/tdewolff/minify/v2 library to the patch version.
Aug 25, 2025
AIKIDO-2025-10578
NO CVE
Medium Risk
github.com/tdewolff/parse/v2 is vulnerable to Uncontrolled Resource Consumption
Upgrade the github.com/tdewolff/parse/v2 library to the patch version.
Aug 25, 2025
AIKIDO-2025-10577
CVE-2025-49556
Critical
magento/product-enterprise-edition is vulnerable to Incorrect Authorization
Upgrade magento/product-enterprise-edition to the patch version.
Aug 25, 2025
AIKIDO-2025-10576
CVE-2025-49556
Critical
magento/product-community-edition is vulnerable to Incorrect Authorization
Upgrade magento/product-community-edition to the patch version.
Aug 25, 2025
AIKIDO-2025-10575
CVE-2025-49556
High Risk
magento/extension-b2b is vulnerable to Incorrect Authorization
Upgrade magento/extension-b2b to the patch version.
Aug 25, 2025
AIKIDO-2025-10574
NO CVE
Low Risk
Bybit.Net is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the Bybit.Net library to the patch version.
Aug 25, 2025
AIKIDO-2025-10573
NO CVE
Critical
g4f is vulnerable to Authentication Bypass Using an Alternate Path or Channel
Upgrade the g4f library to the patch version.
Aug 25, 2025
AIKIDO-2025-10572
NO CVE
Medium Risk
@n8n/n8n-nodes-langchain is vulnerable to Cross-site Scripting (XSS)
Upgrade the @n8n/n8n-nodes-langchain library to the patch version.
Aug 20, 2025
AIKIDO-2025-10571
NO CVE
Low Risk
@aligent/cdk-prerender-fargate is vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Upgrade the @aligent/cdk-prerender-fargate library to the patch version.
Aug 20, 2025
AIKIDO-2025-10570
NO CVE
Low Risk
github.com/Datadog/dd-trace-go/contrib/google.golang.org/grpc/v2 is vulnerable to Insertion of Sensitive Information into Log File
Upgrade github.com/Datadog/dd-trace-go/contrib/google.golang.org/grpc/v2 to the patch version.
Aug 20, 2025
AIKIDO-2025-10569
NO CVE
Medium Risk
utilium is vulnerable to Prototype Pollution
Upgrade the utilium library to the patch version.
Aug 20, 2025
AIKIDO-2025-10568
NO CVE
Medium Risk
copier is vulnerable to Path Traversal
Upgrade the copier library to the patch version.
Aug 19, 2025
AIKIDO-2025-10567
NO CVE
Medium Risk
browserslist is vulnerable to Inefficient Regular Expression Complexity
Upgrade the browserslist library to the patch version.
Aug 19, 2025
AIKIDO-2025-10566
NO CVE
Low Risk
aiogram is vulnerable to Observable Timing Discrepancy
Upgrade the aiogram library to the patch version.
Aug 18, 2025
AIKIDO-2025-10565
NO CVE
Medium Risk
@fastify/busboy is vulnerable to Improper Input Validation
Upgrade the @fastify/busboy library to the patch version.
Aug 18, 2025
AIKIDO-2025-10564
NO CVE
Low Risk
github.com/hashicorp/go-getter is vulnerable to Insertion of Sensitive Information into Log File
Upgrade github.com/hashicorp/go-getter to a patch version.
Aug 18, 2025
AIKIDO-2025-10563

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.