
Powered by AI + Aikido Research team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

vulnerabilities: 767

malware: 6913

NO CVE
Low Risk
pyo3 is vulnerable to Buffer Overflow
Upgrade the pyo3 library to the patch version.
Apr 1, 2025
AIKIDO-2025-10198
NO CVE
Medium Risk
github.com/getsops/sops/v3 is vulnerable to Observable Timing Discrepancy
Upgrade the github.com/getsops/sops/v3 library to the patch version.
Apr 1, 2025
AIKIDO-2025-10197
NO CVE
Medium Risk
@remix-run/express is vulnerable to Improper Input Validation
Upgrade the @remix-run/express library to the patch version.
Mar 31, 2025
AIKIDO-2025-10196
NO CVE
Medium Risk
Radzen.Blazor is vulnerable to Cross-Site Scripting (XSS)
Upgrade the Radzen.Blazor library to the patch version. Note: the patched release introduces breaking changes compared to 6.3.x. Icon glyphs must now be passed as literal Unicode characters rather than HTML entities (e.g., replace <RadzenIcon Icon="&#xf015"/> with <RadzenIcon Icon="@("")"/>, where the quoted string holds the glyph character itself). Additionally, dialog titles no longer accept HTML content; use DialogContent instead.
Mar 31, 2025
AIKIDO-2025-10195
NO CVE
Low Risk
synapse is vulnerable to Authentication Bypass
Upgrade the synapse library to the patch version.
Mar 31, 2025
AIKIDO-2025-10194
NO CVE
High Risk
@react-router/express is vulnerable to Cross-Site Request Forgery (CSRF)
Upgrade the @react-router/express library to the patch version.
Mar 31, 2025
AIKIDO-2025-10193
NO CVE
Medium Risk
@auth0/nextjs-auth0 is vulnerable to Access Token Exposure
Upgrade the @auth0/nextjs-auth0 library to the patch version.
Mar 31, 2025
AIKIDO-2025-10192
NO CVE
Medium Risk
aws-cdk-lib is vulnerable to Incorrect Default Permissions
Upgrade the aws-cdk-lib library to the patch version. Upgrading to the patched version alone is not sufficient; the feature flag @aws-cdk/pipelines:reduceStageRoleTrustScope must be set to true, and the infrastructure must be redeployed to fully mitigate the issue.
Mar 28, 2025
AIKIDO-2025-10191
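The aws-cdk-lib entry above is the one item in this feed where upgrading the package is explicitly not enough: the `@aws-cdk/pipelines:reduceStageRoleTrustScope` feature flag must also be switched on. CDK v2 feature flags are read from the `context` object of the project's `cdk.json`, so the corrected setting looks like the following. This fragment is an added illustration for this page, not configuration shipped by the aws-cdk-lib project; the `app` entry point is a placeholder assumption, and only the `context` key matters here.

```json
{
  "app": "npx ts-node bin/app.ts",
  "context": {
    "@aws-cdk/pipelines:reduceStageRoleTrustScope": true
  }
}
```

A project whose `cdk.json` lacks the key (or sets it to `false`) keeps the old, wider trust scope even after the dependency bump. After setting it, re-run `cdk deploy` for the pipeline stack so the role trust policies are actually regenerated; the change is not applied until the stacks are redeployed.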
CVE-2024-56364
Medium Risk
shuchkin/simplexlsx is vulnerable to Improper Input Validation
Upgrade the shuchkin/simplexlsx library to the patch version.
Mar 28, 2025
AIKIDO-2025-10190
CVE-2025-2783
High Risk
electron is vulnerable to Sandbox Escape
Upgrade the electron library to a patch version.
Mar 28, 2025
AIKIDO-2025-10189
NO CVE
Low Risk
xmas-elf is vulnerable to Out-of-bounds Read
Upgrade the xmas-elf library to the patch version.
Mar 27, 2025
AIKIDO-2025-10188
NO CVE
Low Risk
alloy-primitives is vulnerable to Undefined Behavior
Upgrade the alloy-primitives library to the patch version.
Mar 26, 2025
AIKIDO-2025-10187
NO CVE
Medium Risk
@payloadcms/next is vulnerable to Open Redirect
Upgrade the @payloadcms/next library to the patch version.
Mar 26, 2025
AIKIDO-2025-10186
NO CVE
Medium Risk
axios is vulnerable to Server-side Request Forgery (SSRF)
Upgrade the axios library to a patch version.
Mar 26, 2025
AIKIDO-2025-10185
NO CVE
Medium Risk
org.webjars.npm:axios (Maven WebJar packaging of axios) is vulnerable to Server-side Request Forgery (SSRF)
Upgrade the org.webjars.npm:axios library to a patch version.
Mar 26, 2025
AIKIDO-2025-10184
NO CVE
Medium Risk
decode-formdata is vulnerable to Prototype Pollution
Upgrade the decode-formdata library to the patch version.
Mar 26, 2025
AIKIDO-2025-10183
NO CVE
Low Risk
@boxyhq/saml-jackson is vulnerable to Cross-site Scripting (XSS)
Upgrade the @boxyhq/saml-jackson library to the patch version.
Mar 26, 2025
AIKIDO-2025-10182
CVE-2025-0426
Medium Risk
sigs.k8s.io/azuredisk-csi-driver is vulnerable to Uncontrolled Resource Consumption
Upgrade the sigs.k8s.io/azuredisk-csi-driver library to the patch version.
Mar 26, 2025
AIKIDO-2025-10181
NO CVE
Low Risk
github.com/quic-go/quic-go is vulnerable to Uncaught Exception
Upgrade the github.com/quic-go/quic-go library to the patch version.
Mar 25, 2025
AIKIDO-2025-10180
NO CVE
Medium Risk
trust-dns-proto is vulnerable to Use of Unmaintained Third Party Components
Remove any trust-dns-proto package from your application and migrate to hickory-proto (https://crates.io/crates/hickory-proto), the maintained crate the trust-dns project was renamed to.
Mar 25, 2025
AIKIDO-2025-10179
NO CVE
Low Risk
github.com/ClickHouse/clickhouse-go/v2 is vulnerable to Race Condition
Upgrade the github.com/ClickHouse/clickhouse-go/v2 library to the patch version.
Mar 25, 2025
AIKIDO-2025-10178
NO CVE
Medium Risk
copy-anything is vulnerable to Prototype Pollution
Upgrade the copy-anything library to the patch version.
Mar 25, 2025
AIKIDO-2025-10177
NO CVE
Medium Risk
merge-anything is vulnerable to Prototype Pollution
Upgrade the merge-anything library to the patch version.
Mar 25, 2025
AIKIDO-2025-10176
NO CVE
Low Risk
github.com/buildkite/agent/v3 is vulnerable to Exposure of Sensitive Information
Upgrade the github.com/buildkite/agent/v3 library to the patch version.
Mar 25, 2025
AIKIDO-2025-10175
CVE-2025-25500
Medium Risk
cosmwasm-std is vulnerable to Authentication Bypass
Upgrade the cosmwasm-std library to the patch version.
Mar 21, 2025
AIKIDO-2025-10174
NO CVE
High Risk
electron is vulnerable to Type Confusion
Upgrade the electron library to a patch version.
Mar 21, 2025
AIKIDO-2025-10173
CVE-2025-22223
High Risk
spring-security-config is vulnerable to Authorization Bypass
Upgrade the spring-security-config library to the patch version. If upgrading is not an option, you can either ensure annotations are placed on the target method instead of its parameterized ancestor or publish an AuthorizationManagerBeforeMethodInterceptor to correctly detect annotations on parameterized types.
Mar 20, 2025
AIKIDO-2025-10172
CVE-2025-22228
High Risk
spring-security-crypto is vulnerable to Improper Authentication
Upgrade the spring-security-crypto library to the patch version.
Mar 20, 2025
AIKIDO-2025-10171
NO CVE
High Risk
anyio is vulnerable to Race Condition
Upgrade the anyio library to the patch version.
Mar 20, 2025
AIKIDO-2025-10170
CVE-2025-22868
High Risk
golang.org/x/oauth2 is vulnerable to Unlimited Resource Consumption
Upgrade the golang.org/x/oauth2 library to the patch version.
Mar 20, 2025
AIKIDO-2025-10169
NO CVE
Medium Risk
flutter_callkit_incoming is vulnerable to Improper Access Control
Upgrade the flutter_callkit_incoming library to the patch version.
Mar 19, 2025
AIKIDO-2025-10168
NO CVE
High Risk
@syncfusion/ej2-base is vulnerable to Prototype Pollution
Upgrade the @syncfusion/ej2-base library to the patch version.
Mar 19, 2025
AIKIDO-2025-10167
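Four of the npm entries in this feed (decode-formdata, copy-anything, merge-anything and @syncfusion/ej2-base) are classified as Prototype Pollution. The example below is a generic illustration of that bug class written for this page; it is not code from any of those packages and does not reproduce their specific flaws. It pairs a naive recursive merge, which can be steered into `Object.prototype` through a `__proto__` key in attacker-controlled JSON or form data, with a hardened merge that refuses the keys reaching the prototype chain. The request body is a constructed sample.

```javascript
// Added illustration of the prototype-pollution class (not code from
// copy-anything, merge-anything, decode-formdata or @syncfusion/ej2-base).

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern: a recursive merge that trusts every enumerable key.
// JSON.parse() creates "__proto__" as an OWN property of the parsed object,
// so Object.keys() enumerates it and the recursion descends into
// target.__proto__, which is Object.prototype for a plain {} target.
function naiveMerge(target, src) {
  for (const key of Object.keys(src)) {
    const value = src[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: refuse the keys that reach the prototype chain, and never
// descend into a property the target only inherits.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

function safeMerge(target, src) {
  for (const key of Object.keys(src)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop (or throw on) hostile keys
    const value = src[key];
    if (isPlainObject(value)) {
      if (!hasOwn(target, key) || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample request body (not from any real incident): a JSON or
// decoded-form payload the attacker controls, carrying a "__proto__" key.
const MALICIOUS_BODY = '{"name":"alice","__proto__":{"isAdmin":true}}';

// Runs the vulnerable merge and reports whether an unrelated object created
// afterwards inherited the injected flag, then removes the pollution again.
function demoNaive() {
  const merged = naiveMerge({}, JSON.parse(MALICIOUS_BODY));
  const unrelated = {};
  const leaked = unrelated.isAdmin === true; // true: Object.prototype was modified
  delete Object.prototype.isAdmin;           // undo for the rest of the process
  return { name: merged.name, leaked };
}

// Same payload through the hardened merge: the hostile key is dropped and no
// global state changes.
function demoSafe() {
  const merged = safeMerge({}, JSON.parse(MALICIOUS_BODY));
  const unrelated = {};
  return {
    name: merged.name,
    leaked: unrelated.isAdmin === true,
    ownKeys: Object.keys(merged),
  };
}

console.log('naive merge:', demoNaive());
console.log('safe merge :', demoSafe());
```

The detail worth remembering is the one in the `naiveMerge` comment: the pollution needs no setter trick, because `JSON.parse` and most form decoders produce `__proto__` as an ordinary own key, and reading `target["__proto__"]` on a fresh `{}` hands the recursion `Object.prototype` itself. Blocking the three names is the minimum; using `Object.create(null)` for merge targets, or `structuredClone` for copies, removes the prototype chain from the picture entirely.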
NO CVE
Medium Risk
clevertap-react-native is vulnerable to Inadequate Encryption Strength
Upgrade the clevertap-react-native library to the patch version.
Mar 18, 2025
AIKIDO-2025-10166
NO CVE
Low Risk
Microsoft.VisualStudio.Threading is vulnerable to Race Condition
Upgrade the Microsoft.VisualStudio.Threading library to the patch version.
Mar 18, 2025
AIKIDO-2025-10165
NO CVE
Low Risk
langchain is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the langchain library to the patch version.
Mar 18, 2025
AIKIDO-2025-10164
NO CVE
High Risk
n8n-nodes-base is vulnerable to SQL injection
Upgrade the n8n-nodes-base library to the patch version.
Mar 18, 2025
AIKIDO-2025-10163

Our intel, your security


Open-source

Aikido Intel is available under the AGPL license: developers may freely use, modify, and distribute the vulnerability and malware feed.


License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.