Powered by AI + Aikido Research Team
Aikido Intel- Open Source Threat Intelligence
Your earliest warning for supply chain threats.
We expose malware and vulnerabilities in open-source ecosystems, within minutes.
vulnerabilities
1
1
6
3
malware
2
3
3
4
5
NO CVE
Low Risk@cubejs-backend/api-gateway is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the @cubejs-backend/api-gateway library to the patch version.
Sep 1, 2025
AIKIDO-2025-10598
NO CVE
Medium Risk@mapbox/mapbox-gl-geocoder is vulnerable to Cross-site Scripting (XSS)
Upgrade the @mapbox/mapbox-gl-geocoder library to the patch version.
Sep 1, 2025
AIKIDO-2025-10597
NO CVE
Medium Riskasync-std is vulnerable to Use of Unmaintained Third Party Components
Remove any async-std package from your application. Please take a look at <a href="https://crates.io/crates/smol">smol</a> instead.
Sep 1, 2025
AIKIDO-2025-10596
NO CVE
Low Riskjoserfc is vulnerable to Improper Verification of Cryptographic Signature
Upgrade the joserfc library to the patch version.
Sep 1, 2025
AIKIDO-2025-10595
NO CVE
Low Risktemporal_rs is vulnerable to Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Upgrade the temporal_rs library to the patch version.
Sep 1, 2025
AIKIDO-2025-10594
NO CVE
Medium Riskgithub.com/aws/aws-sdk-go is vulnerable to Use of Unmaintained Third Party Components
Remove any github.com/aws/aws-sdk-go package from your application. Please take a look at <a href="https://pkg.go.dev/github.com/aws/aws-sdk-go-v2">github.com/aws/aws-sdk-go-v2</a> instead.
Aug 29, 2025
AIKIDO-2025-10593
CVE-2025-9549
Medium Riskdrupal/facets is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the drupal/facets library to the patch version.
Aug 28, 2025
AIKIDO-2025-10592
CVE-2025-2180
Critical checkov is vulnerable to Unsafe Deserialization
Upgrade checkov to the patch version.
Aug 28, 2025
AIKIDO-2025-10591
CVE-2025-9550
Medium Riskdrupal/facets is vulnerable to Cross-site Scripting (XSS)
Upgrade the drupal/facets library to the patch version.
Aug 28, 2025
AIKIDO-2025-10590
CVE-2025-9551
Medium Riskdrupal/protected_pages is vulnerable to Improper Restriction of Excessive Authentication Attempts
If you use the Protected Pages module for Drupal 8.x, upgrade the drupal/protected_pages library to the patch version.
Aug 28, 2025
AIKIDO-2025-10589
NO CVE
Low Riskalloy-eips is vulnerable to Integer Overflow
Upgrade the alloy-eips library to the patch version.
Aug 27, 2025
AIKIDO-2025-10588
NO CVE
Low RiskAltinn.App.Api is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the Altinn.App.Api library to the patch version.
Aug 27, 2025
AIKIDO-2025-10587
NO CVE
Medium Riskgithub.com/getkin/kin-openapi is vulnerable to Path Traversal
Upgrade the github.com/getkin/kin-openapi library to the patch version.
Aug 25, 2025
AIKIDO-2025-10586
CVE-2025-23303
High Risknemo-toolkit is vulnerable to Unsafe Deserialization
Upgrade the nemo-toolkit library to the patch version.
Aug 25, 2025
AIKIDO-2025-10585
NO CVE
Low Riskrepomix is vulnerable to Argument Injection
Upgrade the repomix library to the patch version.
Aug 25, 2025
AIKIDO-2025-10584
NO CVE
Medium Risk@modelcontextprotocol/sdk is vulnerable to Cross-site Scripting (XSS)
Upgrade the @modelcontextprotocol/sdk library to the patch version.
Aug 25, 2025
AIKIDO-2025-10583
NO CVE
Medium Riskjupyter-server is vulnerable to Cross-Site Request Forgery (CSRF)
Upgrade the jupyter-server library to the patch version.
Aug 25, 2025
AIKIDO-2025-10582
NO CVE
Low Riskmultisafepay/php-sdk is vulnerable to Timing Attacks
Upgrade the multisafepay/php-sdk library to the patch version.
Aug 25, 2025
AIKIDO-2025-10581
NO CVE
High Risktokio-websockets is vulnerable to Out-of-bounds Read
Upgrade the tokio-websockets library to the patch version.
Aug 25, 2025
AIKIDO-2025-10580
NO CVE
Medium Risk@tdewolff/minify is vulnerable to Uncontrolled Resource Consumption
Upgrade the @tdewolff/minify library to the patch version.
Aug 25, 2025
AIKIDO-2025-10579
NO CVE
Medium Riskgithub.com/tdewolff/minify/v2 is vulnerable to Uncontrolled Resource Consumption
Upgrade the github.com/tdewolff/minify/v2 library to the patch version.
Aug 25, 2025
AIKIDO-2025-10578
NO CVE
Medium Riskgithub.com/tdewolff/parse/v2 is vulnerable to Uncontrolled Resource Consumption
Upgrade the github.com/tdewolff/parse/v2 library to the patch version.
Aug 25, 2025
AIKIDO-2025-10577
CVE-2025-49556
Critical magento/product-enterprise-edition is vulnerable to Incorrect Authorization
Upgrade magento/product-enterprise-edition to the patch version.
Aug 25, 2025
AIKIDO-2025-10576
CVE-2025-49556
Critical magento/product-community-edition is vulnerable to Incorrect Authorization
Upgrade magento/product-community-edition to the patch version.
Aug 25, 2025
AIKIDO-2025-10575
CVE-2025-49556
High Riskmagento/extension-b2b is vulnerable to Incorrect Authorization
Upgrade magento/extension-b2b to the patch version.
Aug 25, 2025
AIKIDO-2025-10574
NO CVE
Low RiskBybit.Net is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the Bybit.Net library to the patch version.
Aug 25, 2025
AIKIDO-2025-10573
NO CVE
Critical g4f is vulnerable to Authentication Bypass Using an Alternate Path or Channel
Upgrade the g4f library to the patch version.
Aug 25, 2025
AIKIDO-2025-10572
NO CVE
Medium Risk@n8n/n8n-nodes-langchain is vulnerable to Cross-site Scripting (XSS)
Upgrade the @n8n/n8n-nodes-langchain library to the patch version.
Aug 20, 2025
AIKIDO-2025-10571
NO CVE
Low Risk@aligent/cdk-prerender-fargate is vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Upgrade the @aligent/cdk-prerender-fargate library to the patch version.
Aug 20, 2025
AIKIDO-2025-10570
NO CVE
Low Riskgithub.com/Datadog/dd-trace-go/contrib/google.golang.org/grpc/v2 is vulnerable to Insertion of Sensitive Information into Log File
Upgrade github.com/Datadog/dd-trace-go/contrib/google.golang.org/grpc/v2 to the patch version.
Aug 20, 2025
AIKIDO-2025-10569
NO CVE
Medium Riskutilium is vulnerable to Prototype Pollution
Upgrade the utilium library to the patch version.
Aug 20, 2025
AIKIDO-2025-10568
NO CVE
Medium Riskcopier is vulnerable to Path Traversal
Upgrade the copier library to the patch version.
Aug 19, 2025
AIKIDO-2025-10567
NO CVE
Medium Riskbrowserslist is vulnerable to Inefficient Regular Expression Complexity
Upgrade the browserslist library to the patch version.
Aug 19, 2025
AIKIDO-2025-10566
NO CVE
Low Riskaiogram is vulnerable to Observable Timing Discrepancy
Upgrade the aiogram library to the patch version.
Aug 18, 2025
AIKIDO-2025-10565
NO CVE
Medium Risk@fastify/busboy is vulnerable to Improper Input Validation
Upgrade the @fastify/busboy library to the patch version.
Aug 18, 2025
AIKIDO-2025-10564
NO CVE
Low Riskgithub.com/hashicorp/go-getter is vulnerable to Insertion of Sensitive Information into Log File
Upgrade github.com/hashicorp/go-getter to a patch version.
Aug 18, 2025
AIKIDO-2025-10563
Our intel, your security
Open-source
Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.
License the intel database
Want to integrate our threat intelligence into your product? Get access through our commercial API.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.