Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 1450

Malware: 112582

Protect yourself from malware upon install with Aikido SafeChain (open source)

Search and compare health of Open-Source Packages. Make confident, secure choices for your next build.

CVE-2025-13980
Medium Risk
drupal/ckeditor5_premium_features is vulnerable to Access bypass
Upgrade the drupal/ckeditor5_premium_features library to the patch version.
Dec 5, 2025
AIKIDO-2025-10893
NO CVE
Medium Risk
@novu/framework is vulnerable to Cross-Site Scripting (XSS)
Upgrade the @novu/framework library to the patch version.
Dec 5, 2025
AIKIDO-2025-10891
NO CVE
High Risk
elysia is vulnerable to Improper Control of Generation of Code ('Code Injection')
Upgrade the elysia library to the patch version.
Dec 5, 2025
AIKIDO-2025-10890
NO CVE
High Risk
elysia is vulnerable to Prototype Pollution
Upgrade the elysia library to the patch version.
Dec 5, 2025
AIKIDO-2025-10889
NO CVE
Medium Risk
ultralytics is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Upgrade the ultralytics library to the patch version.
Dec 5, 2025
AIKIDO-2025-10888
NO CVE
Low Risk
parse-server is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the parse-server library to the patch version.
Dec 5, 2025
AIKIDO-2025-10887
NO CVE
High Risk
luracast/restler is vulnerable to Deserialization of Untrusted Data
Upgrade the luracast/restler library to the patch version.
Dec 5, 2025
AIKIDO-2025-10886
CVE-2025-66412
High Risk
compiler is vulnerable to Cross-Site Scripting (XSS)
Upgrade the org.mvnpm.at.angular:compiler library to the patch version.
Dec 5, 2025
AIKIDO-2025-10885
NO CVE
Medium Risk
graphql-upload-minimal is vulnerable to Prototype Pollution
Upgrade the graphql-upload-minimal library to the patch version.
Dec 5, 2025
AIKIDO-2025-10884
NO CVE
Medium Risk
github.com/rancher/webhook is vulnerable to Weak Password Requirements
Upgrade the github.com/rancher/webhook library to the patch version.
Dec 4, 2025
AIKIDO-2025-10883
NO CVE
Low Risk
ulid is vulnerable to Use of Insufficiently Random Values
Upgrade the ulid library to the patch version.
Dec 4, 2025
AIKIDO-2025-10882
NO CVE
Low Risk
celery is vulnerable to Insertion of Sensitive Information into Log File
Upgrade celery to a patch version.
Dec 4, 2025
AIKIDO-2025-10881
NO CVE
Critical
codesvault/howdy-qb is vulnerable to SQL Injection
Upgrade the codesvault/howdy-qb library to the patch version.
Dec 4, 2025
AIKIDO-2025-10880
NO CVE
High Risk
astro is vulnerable to Authentication Bypass Using an Alternate Path or Channel
Upgrade the astro library to the patch version.
Dec 4, 2025
AIKIDO-2025-10879
NO CVE
Medium Risk
doctrine/dbal is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the doctrine/dbal library to the patch version.
Dec 4, 2025
AIKIDO-2025-10878
NO CVE
Critical
verbb/social-login is vulnerable to Improper Authentication
Upgrade the verbb/social-login library to the patch version.
Dec 4, 2025
AIKIDO-2025-10877
NO CVE
Medium Risk
schrammel-codes/magento2-epc-qr-code is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the schrammel-codes/magento2-epc-qr-code library to the patch version.
Dec 3, 2025
AIKIDO-2025-10876
NO CVE
Low Risk
SharpCompress is vulnerable to Denial of Service (DoS)
Upgrade the SharpCompress library to the patch version.
Dec 3, 2025
AIKIDO-2025-10875
NO CVE
Medium Risk
serialize-javascript is vulnerable to Cross Site Scripting (XSS)
Upgrade the serialize-javascript library to the patch version.
Dec 3, 2025
AIKIDO-2025-10874
NO CVE
Low Risk
@logtape/redaction is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the @logtape/redaction library to the patch version.
Dec 3, 2025
AIKIDO-2025-10873
NO CVE
Critical
kamal is vulnerable to Command Injection
Upgrade the kamal library to the patch version.
Dec 3, 2025
AIKIDO-2025-10872
GHSA-rcmh-qjqh-p98v
Low Risk
postal-mime is vulnerable to Denial of Service (DoS)
Upgrade the postal-mime library to the patch version.
Dec 3, 2025
AIKIDO-2025-10871
NO CVE
Medium Risk
jsxgraph is vulnerable to Cross-site Scripting (XSS)
Upgrade the jsxgraph library to the patch version.
Dec 3, 2025
AIKIDO-2025-10870
CVE-2025-66478
Critical
next is vulnerable to Remote Code Execution (RCE)
Upgrade the react-server-dom-turbopack library to the patch version.
Dec 3, 2025
AIKIDO-2025-10869
CVE-2025-55182
Critical
react-server-dom-turbopack is vulnerable to Remote Code Execution (RCE)
Upgrade the react-server-dom-turbopack library to the patch version.
Dec 3, 2025
AIKIDO-2025-10868
CVE-2025-55182
Critical
react-server-dom-parcel is vulnerable to Remote Code Execution (RCE)
Upgrade the react-server-dom-parcel library to the patch version.
Dec 3, 2025
AIKIDO-2025-10867
CVE-2025-55182
Critical
react-server-dom-webpack is vulnerable to Remote Code Execution (RCE)
Upgrade the react-server-dom-webpack library to the patch version.
Dec 3, 2025
AIKIDO-2025-10866
NO CVE
Medium Risk
itk is vulnerable to Out-of-bounds Read
Upgrade the itk library to the patch version.
Dec 1, 2025
AIKIDO-2025-10865
NO CVE
Low Risk
rollbar/rollbar is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the rollbar/rollbar library to the patch version.
Dec 1, 2025
AIKIDO-2025-10864
NO CVE
Low Risk
TrustWalletCore is vulnerable to Out-of-bounds Read
Upgrade the TrustWalletCore library to a patch version.
Dec 1, 2025
AIKIDO-2025-10863
NO CVE
Low Risk
@trustwallet/wallet-core is vulnerable to Out-of-bounds Read
Upgrade the @trustwallet/wallet-core library to a patch version.
Dec 1, 2025
AIKIDO-2025-10862
NO CVE
Critical
binary-parser is vulnerable to Code Injection
Upgrade the binary-parser library to the patch version.
Dec 1, 2025
AIKIDO-2025-10861
NO CVE
High Risk
dereuromark/cakephp-feed is vulnerable to Path Traversal
Upgrade the dereuromark/cakephp-feed library to the patch version.
Dec 1, 2025
AIKIDO-2025-10860
NO CVE
Low Risk
craftcms/cms is vulnerable to Unrestricted Upload of File with Dangerous Type
Upgrade the craftcms/cms library to the patch version.
Dec 1, 2025
AIKIDO-2025-10859
NO CVE
Low Risk
sqlparse is vulnerable to Allocation of Resources Without Limits or Throttling
Upgrade the sqlparse library to the patch version.
Dec 1, 2025
AIKIDO-2025-10858
NO CVE
Low Risk
kreuzberg is vulnerable to Permissive Regular Expression
Upgrade the kreuzberg library to the patch version.
Dec 1, 2025
AIKIDO-2025-10857

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2025 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.