Powered by AI + Aikido Research team
Aikido Intel- Open Source Threat Intelligence
Your earliest warning for supply chain threats.
We expose malware and vulnerabilities in open-source ecosystems, within minutes.
vulnerabilities
7
7
4
malware
7
2
5
3
NO CVE
High RiskTypeORM is vulnerable to Improper String Escaping
Upgrade the TypeORM library to the patch version.
Apr 3, 2025
AIKIDO-2025-10205
CVE-2025-29927
Critical @opennextjs/aws is vulnerable to Authorization Bypass
Upgrade the @opennextjs/aws library to the patch version.
Apr 3, 2025
AIKIDO-2025-10204
NO CVE
Critical spryker-shop/company-page is vulnerable to Broken Access Control
Upgrade the spryker-shop/company-page library to the patch version.
Apr 2, 2025
AIKIDO-2025-10203
NO CVE
Medium Riskspryker-shop/company-page is vulnerable to Missing Authorization
Upgrade the spryker-shop/company-page library to the patch version.
Apr 2, 2025
AIKIDO-2025-10202
CVE-2025-1684
High Riskstreamlit is vulnerable to Unrestricted Upload of File with Dangerous Type
Upgrade the streamlit library to the patch version.
Apr 2, 2025
AIKIDO-2025-10201
NO CVE
Medium Riskstatamic/seo-pro is vulnerable to Cross-site Scripting (XSS) - DOM Based
Upgrade the statamic/seo-pro library to the patch version.
Apr 2, 2025
AIKIDO-2025-10200
NO CVE
Medium Risk@payloadcms/next is vulnerable to Open Redirect
Upgrade the @payloadcms/next library to the patch version.
Apr 2, 2025
AIKIDO-2025-10199
NO CVE
Low Riskpyo3 is vulnerable to Buffer Overflow
Upgrade the pyo3 library to the patch version.
Apr 1, 2025
AIKIDO-2025-10198
NO CVE
Medium Riskgithub.com/getsops/sops/v3 is vulnerable to Observable Timing Discrepancy
Upgrade the github.com/getsops/sops/v3 library to the patch version.
Apr 1, 2025
AIKIDO-2025-10197
NO CVE
Medium Risk@remix-run/express is vulnerable to Improper Input Validation
Upgrade the @remix-run/express library to the patch version.
Mar 31, 2025
AIKIDO-2025-10196
NO CVE
Medium RiskRadzen.Blazor is vulnerable to Cross-Site Scripting (XSS)
Upgrade the Radzen.Blazor library to the patch version. Note: some breaking changes have been introduced (compared to 6.3.x). Unicode symbols for icons must now be used directly as characters rather than HTML entities (e.g., replace <RadzenIcon Icon=""/> with <RadzenIcon Icon="@("")"/>). Additionally, dialog titles no longer support HTML content—developers should use DialogContent instead.
Mar 31, 2025
AIKIDO-2025-10195
NO CVE
Low Risksynapse is vulnerable to Authentication Bypass
Upgrade the synapse library to the patch version.
Mar 31, 2025
AIKIDO-2025-10194
NO CVE
High Risk@react-router/express is vulnerable to Cross-Site Request Forgery (CSRF)
Upgrade the @react-router/express library to the patch version.
Mar 31, 2025
AIKIDO-2025-10193
NO CVE
Medium Risk@auth0/nextjs-auth0 is vulnerable to Access Token Exposure
Upgrade the @auth0/nextjs-auth0 library to the patch version.
Mar 31, 2025
AIKIDO-2025-10192
NO CVE
Medium Riskaws-cdk-lib is vulnerable to Incorrect Default Permissions
Upgrade the aws-cdk-lib library to the patch version. Upgrading to the patched version alone is not sufficient; the feature flag @aws-cdk/pipelines:reduceStageRoleTrustScope must be set to true, and the infrastructure must be redeployed to fully mitigate the issue.
Mar 28, 2025
AIKIDO-2025-10191
CVE-2024-56364
Medium Riskshuchkin/simplexlsx is vulnerable to Improper Input Validation
Upgrade the shuchkin/simplexlsx library to the patch version.
Mar 28, 2025
AIKIDO-2025-10190
CVE-2025-2783
High Riskelectron is vulnerable to Sandbox Escape
Upgrade the electron library to a patch version.
Mar 28, 2025
AIKIDO-2025-10189
NO CVE
Low Riskxmas-elf is vulnerable to Out-of-bounds Read
Upgrade the xmas-elf library to the patch version.
Mar 27, 2025
AIKIDO-2025-10188
NO CVE
Low Riskalloy-primitives is vulnerable to Undefined Behavior
Upgrade the alloy-primitives library to the patch version.
Mar 26, 2025
AIKIDO-2025-10187
NO CVE
Medium Risk@payloadcms/next is vulnerable to Open Redirect
Upgrade the @payloadcms/next library to the patch version.
Mar 26, 2025
AIKIDO-2025-10186
NO CVE
Medium Riskaxios is vulnerable to Server-side Request Forgery (SSRF)
Upgrade the axios library to a patch version.
Mar 26, 2025
AIKIDO-2025-10185
NO CVE
Medium Riskaxios is vulnerable to Server-side Request Forgery (SSRF)
Upgrade the org.webjars.npm:axios library to a patch version.
Mar 26, 2025
AIKIDO-2025-10184
NO CVE
Medium Riskdecode-formdata is vulnerable to Prototype Pollution
Upgrade the decode-formdata library to the patch version.
Mar 26, 2025
AIKIDO-2025-10183
NO CVE
Low Risk@boxyhq/saml-jackson is vulnerable to Cross-site Scripting (XSS)
Upgrade the @boxyhq/saml-jackson library to the patch version.
Mar 26, 2025
AIKIDO-2025-10182
CVE-2025-0426
Medium Risksigs.k8s.io/azuredisk-csi-driver is vulnerable to Uncontrolled Resource Consumption
Upgrade the sigs.k8s.io/azuredisk-csi-driver library to the patch version.
Mar 26, 2025
AIKIDO-2025-10181
NO CVE
Low Riskgithub.com/quic-go/quic-go is vulnerable to Uncaught Exception
Upgrade the github.com/quic-go/quic-go library to the patch version.
Mar 25, 2025
AIKIDO-2025-10180
NO CVE
Medium Risktrust-dns-proto is vulnerable to Use of Unmaintained Third Party Components
Remove any trust-dns-proto package from your application. Please take a look at <a href="https://crates.io/crates/hickory-proto">hickory-proto</a> instead.
Mar 25, 2025
AIKIDO-2025-10179
NO CVE
Low Riskgithub.com/Clickhouse/Clickhouse-go/v2 is vulnerable to Race Condition
Upgrade the github.com/Clickhouse/Clickhouse-go/v2 library to the patch version.
Mar 25, 2025
AIKIDO-2025-10178
NO CVE
Medium Riskcopy-anything is vulnerable to Prototype Pollution
Upgrade the copy-anything library to the patch version.
Mar 25, 2025
AIKIDO-2025-10177
NO CVE
Medium Riskmerge-anything is vulnerable to Prototype Pollution
Upgrade the merge-anything library to the patch version.
Mar 25, 2025
AIKIDO-2025-10176
NO CVE
Low Riskgithub.com/buildkite/agent/v3 is vulnerable to Exposure of Sensitive Information
Upgrade the github.com/buildkite/agent/v3 library to the patch version.
Mar 25, 2025
AIKIDO-2025-10175
CVE-2025-25500
Medium Riskcosmwasm-std is vulnerable to Authentication Bypass
Upgrade the cosmwasm-std library to the patch version.
Mar 21, 2025
AIKIDO-2025-10174
NO CVE
High Riskelectron is vulnerable to Type Confusion
Upgrade the electron library to a patch version.
Mar 21, 2025
AIKIDO-2025-10173
CVE-2025-22223
High Riskspring-security-config is vulnerable to Authorization Bypass
Upgrade the spring-security-config library to the patch version. If upgrading is not an option, you can either ensure annotations are placed on the target method instead of its parameterized ancestor or publish an AuthorizationManagerBeforeMethodInterceptor to correctly detect annotations on parameterized types.
Mar 20, 2025
AIKIDO-2025-10172
CVE-2025-22228
High Riskspring-security-crypto is vulnerable to Improper Authentication
Upgrade the spring-security-crypto library to the patch version.
Mar 20, 2025
AIKIDO-2025-10171
NO CVE
High Riskanyio is vulnerable to Race Condition
Upgrade the anyio library to the patch version.
Mar 20, 2025
AIKIDO-2025-10170
Our intel, your security
Open-source
Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.
License the intel database
Want to integrate our threat intelligence into your product? Get access through our commercial API.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.