Powered by AI + Aikido Research team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities

Advisory | CVE | Severity | Published

AIKIDO-2025-10205 | NO CVE | High Risk | Apr 3, 2025
TypeORM is vulnerable to Improper String Escaping
Remediation: Upgrade the TypeORM library to the patch version.

AIKIDO-2025-10204 | CVE-2025-29927 | Critical | Apr 3, 2025
@opennextjs/aws is vulnerable to Authorization Bypass
Remediation: Upgrade the @opennextjs/aws library to the patch version.

AIKIDO-2025-10203 | NO CVE | Critical | Apr 2, 2025
spryker-shop/company-page is vulnerable to Broken Access Control
Remediation: Upgrade the spryker-shop/company-page library to the patch version.

AIKIDO-2025-10202 | NO CVE | Medium Risk | Apr 2, 2025
spryker-shop/company-page is vulnerable to Missing Authorization
Remediation: Upgrade the spryker-shop/company-page library to the patch version.

AIKIDO-2025-10201 | CVE-2025-1684 | High Risk | Apr 2, 2025
streamlit is vulnerable to Unrestricted Upload of File with Dangerous Type
Remediation: Upgrade the streamlit library to the patch version.

AIKIDO-2025-10200 | NO CVE | Medium Risk | Apr 2, 2025
statamic/seo-pro is vulnerable to Cross-site Scripting (XSS) - DOM Based
Remediation: Upgrade the statamic/seo-pro library to the patch version.

AIKIDO-2025-10199 | NO CVE | Medium Risk | Apr 2, 2025
@payloadcms/next is vulnerable to Open Redirect
Remediation: Upgrade the @payloadcms/next library to the patch version.

AIKIDO-2025-10198 | NO CVE | Low Risk | Apr 1, 2025
pyo3 is vulnerable to Buffer Overflow
Remediation: Upgrade the pyo3 library to the patch version.

AIKIDO-2025-10197 | NO CVE | Medium Risk | Apr 1, 2025
github.com/getsops/sops/v3 is vulnerable to Observable Timing Discrepancy
Remediation: Upgrade the github.com/getsops/sops/v3 library to the patch version.

AIKIDO-2025-10196 | NO CVE | Medium Risk | Mar 31, 2025
@remix-run/express is vulnerable to Improper Input Validation
Remediation: Upgrade the @remix-run/express library to the patch version.

AIKIDO-2025-10195 | NO CVE | Medium Risk | Mar 31, 2025
Radzen.Blazor is vulnerable to Cross-Site Scripting (XSS)
Remediation: Upgrade the Radzen.Blazor library to the patch version. Note: some breaking changes have been introduced (compared to 6.3.x). Unicode symbols for icons must now be used directly as characters rather than HTML entities (e.g., replace <RadzenIcon Icon="&#xf015"/> with <RadzenIcon Icon="@("")"/>). Additionally, dialog titles no longer support HTML content; developers should use DialogContent instead.

AIKIDO-2025-10194 | NO CVE | Low Risk | Mar 31, 2025
synapse is vulnerable to Authentication Bypass
Remediation: Upgrade the synapse library to the patch version.

AIKIDO-2025-10193 | NO CVE | High Risk | Mar 31, 2025
@react-router/express is vulnerable to Cross-Site Request Forgery (CSRF)
Remediation: Upgrade the @react-router/express library to the patch version.

AIKIDO-2025-10192 | NO CVE | Medium Risk | Mar 31, 2025
@auth0/nextjs-auth0 is vulnerable to Access Token Exposure
Remediation: Upgrade the @auth0/nextjs-auth0 library to the patch version.

AIKIDO-2025-10191 | NO CVE | Medium Risk | Mar 28, 2025
aws-cdk-lib is vulnerable to Incorrect Default Permissions
Remediation: Upgrade the aws-cdk-lib library to the patch version. Upgrading to the patched version alone is not sufficient; the feature flag @aws-cdk/pipelines:reduceStageRoleTrustScope must be set to true, and the infrastructure must be redeployed to fully mitigate the issue.

AIKIDO-2025-10190 | CVE-2024-56364 | Medium Risk | Mar 28, 2025
shuchkin/simplexlsx is vulnerable to Improper Input Validation
Remediation: Upgrade the shuchkin/simplexlsx library to the patch version.

AIKIDO-2025-10189 | CVE-2025-2783 | High Risk | Mar 28, 2025
electron is vulnerable to Sandbox Escape
Remediation: Upgrade the electron library to a patch version.

AIKIDO-2025-10188 | NO CVE | Low Risk | Mar 27, 2025
xmas-elf is vulnerable to Out-of-bounds Read
Remediation: Upgrade the xmas-elf library to the patch version.

AIKIDO-2025-10187 | NO CVE | Low Risk | Mar 26, 2025
alloy-primitives is vulnerable to Undefined Behavior
Remediation: Upgrade the alloy-primitives library to the patch version.

AIKIDO-2025-10186 | NO CVE | Medium Risk | Mar 26, 2025
@payloadcms/next is vulnerable to Open Redirect
Remediation: Upgrade the @payloadcms/next library to the patch version.

AIKIDO-2025-10185 | NO CVE | Medium Risk | Mar 26, 2025
axios is vulnerable to Server-side Request Forgery (SSRF)
Remediation: Upgrade the axios library to a patch version.

AIKIDO-2025-10184 | NO CVE | Medium Risk | Mar 26, 2025
axios is vulnerable to Server-side Request Forgery (SSRF)
Remediation: Upgrade the org.webjars.npm:axios library to a patch version.

AIKIDO-2025-10183 | NO CVE | Medium Risk | Mar 26, 2025
decode-formdata is vulnerable to Prototype Pollution
Remediation: Upgrade the decode-formdata library to the patch version.

AIKIDO-2025-10182 | NO CVE | Low Risk | Mar 26, 2025
@boxyhq/saml-jackson is vulnerable to Cross-site Scripting (XSS)
Remediation: Upgrade the @boxyhq/saml-jackson library to the patch version.

AIKIDO-2025-10181 | CVE-2025-0426 | Medium Risk | Mar 26, 2025
sigs.k8s.io/azuredisk-csi-driver is vulnerable to Uncontrolled Resource Consumption
Remediation: Upgrade the sigs.k8s.io/azuredisk-csi-driver library to the patch version.

AIKIDO-2025-10180 | NO CVE | Low Risk | Mar 25, 2025
github.com/quic-go/quic-go is vulnerable to Uncaught Exception
Remediation: Upgrade the github.com/quic-go/quic-go library to the patch version.

AIKIDO-2025-10179 | NO CVE | Medium Risk | Mar 25, 2025
trust-dns-proto is vulnerable to Use of Unmaintained Third Party Components
Remediation: Remove any trust-dns-proto package from your application. Please take a look at hickory-proto (https://crates.io/crates/hickory-proto) instead.

AIKIDO-2025-10178 | NO CVE | Low Risk | Mar 25, 2025
github.com/Clickhouse/Clickhouse-go/v2 is vulnerable to Race Condition
Remediation: Upgrade the github.com/Clickhouse/Clickhouse-go/v2 library to the patch version.

AIKIDO-2025-10177 | NO CVE | Medium Risk | Mar 25, 2025
copy-anything is vulnerable to Prototype Pollution
Remediation: Upgrade the copy-anything library to the patch version.

AIKIDO-2025-10176 | NO CVE | Medium Risk | Mar 25, 2025
merge-anything is vulnerable to Prototype Pollution
Remediation: Upgrade the merge-anything library to the patch version.

AIKIDO-2025-10175 | NO CVE | Low Risk | Mar 25, 2025
github.com/buildkite/agent/v3 is vulnerable to Exposure of Sensitive Information
Remediation: Upgrade the github.com/buildkite/agent/v3 library to the patch version.

AIKIDO-2025-10174 | CVE-2025-25500 | Medium Risk | Mar 21, 2025
cosmwasm-std is vulnerable to Authentication Bypass
Remediation: Upgrade the cosmwasm-std library to the patch version.

AIKIDO-2025-10173 | NO CVE | High Risk | Mar 21, 2025
electron is vulnerable to Type Confusion
Remediation: Upgrade the electron library to a patch version.

AIKIDO-2025-10172 | CVE-2025-22223 | High Risk | Mar 20, 2025
spring-security-config is vulnerable to Authorization Bypass
Remediation: Upgrade the spring-security-config library to the patch version. If upgrading is not an option, you can either ensure annotations are placed on the target method instead of its parameterized ancestor or publish an AuthorizationManagerBeforeMethodInterceptor to correctly detect annotations on parameterized types.

AIKIDO-2025-10171 | CVE-2025-22228 | High Risk | Mar 20, 2025
spring-security-crypto is vulnerable to Improper Authentication
Remediation: Upgrade the spring-security-crypto library to the patch version.

AIKIDO-2025-10170 | NO CVE | High Risk | Mar 20, 2025
anyio is vulnerable to Race Condition
Remediation: Upgrade the anyio library to the patch version.

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability and malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido's all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.