Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 1644

Malware: 117336

Protect yourself from malware upon install with Aikido SafeChain (open source)

Search and compare health of Open-Source Packages. Make confident, secure choices for your next build.

NO CVE
High Risk
signalk-server is vulnerable to Prototype Pollution
Upgrade the signalk-server library to a patch version.
Jan 22, 2026
AIKIDO-2026-10079
NO CVE
Medium Risk
camel-ai is vulnerable to Server-Side Request Forgery
Upgrade the camel-ai library to the patch version.
Jan 22, 2026
AIKIDO-2026-10078
NO CVE
Low Risk
@elizaos/cli is vulnerable to Insufficiently Protected Credentials
Upgrade the elizaos library to the patch version.
Jan 22, 2026
AIKIDO-2026-10077
NO CVE
High Risk
py7zr is vulnerable to Path Traversal
Upgrade the py7zr library to the patch version.
Jan 22, 2026
AIKIDO-2026-10076
NO CVE
Medium Risk
@yaireo/tagify is vulnerable to Cross-site Scripting (XSS)
Upgrade the @yaireo/tagify library to the patch version.
Jan 21, 2026
AIKIDO-2026-10075
NO CVE
Medium Risk
lob is vulnerable to Path Traversal
Upgrade the lob library to the patch version.
Jan 21, 2026
AIKIDO-2026-10074
NO CVE
High Risk
borgmatic is vulnerable to Command Injection
Upgrade the borgmatic library to the patch version.
Jan 21, 2026
AIKIDO-2026-10073
NO CVE
Medium Risk
grammy is vulnerable to Timing Attacks
Upgrade the grammy library to the patch version.
Jan 21, 2026
AIKIDO-2026-10072
NO CVE
Medium Risk
pydash is vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Upgrade the pydash library to a patch version.
Jan 21, 2026
AIKIDO-2026-10071
NO CVE
Low Risk
@openai/codex is vulnerable to Incorrect Permission Assignment for Critical Resource
Upgrade the @openai/codex library to a patch version.
Jan 21, 2026
AIKIDO-2026-10070
CVE-2026-22862
High Risk
github.com/ethereum-optimism/op-geth is vulnerable to Denial of Service (DoS)
Upgrade the github.com/ethereum-optimism/op-geth library to the patch version.
Jan 20, 2026
AIKIDO-2026-10069
NO CVE
High Risk
billboard.js is vulnerable to Cross-site Scripting (XSS)
Upgrade the billboard.js library to the patch version.
Jan 20, 2026
AIKIDO-2026-10068
NO CVE
Low Risk
@strapi/core is vulnerable to Insufficient Session Expiration
Upgrade the @strapi/core library to the patch version.
Jan 20, 2026
AIKIDO-2026-10066
CVE-2025-15382
Medium Risk
wolfSSL.wolfssh is vulnerable to Out-of-bounds Read
Upgrade the wolfSSL.wolfssh library to the patch version.
Jan 20, 2026
AIKIDO-2026-10065
CVE-2025-14942
Critical
wolfSSL.wolfssh is vulnerable to Improper Authentication
Upgrade the wolfSSL.wolfssh library to the patch version.
Jan 20, 2026
AIKIDO-2026-10064
NO CVE
Low Risk
core is vulnerable to Regular Expression Denial of Service (ReDoS)
Upgrade the org.mvnpm.at.uirouter:core library to the patch version.
Jan 20, 2026
AIKIDO-2026-10063
NO CVE
High Risk
ethereum_ssz_derive is vulnerable to Improper Neutralization of Trailing Special Elements
Upgrade the ethereum_ssz_derive library to a patch version.
Jan 20, 2026
AIKIDO-2026-10062
NO CVE
Medium Risk
jboss-logmanager is vulnerable to Uncontrolled Recursion
Upgrade the org.jboss.logmanager:jboss-logmanager library to a patch version.
Jan 20, 2026
AIKIDO-2026-10061
NO CVE
Medium Risk
c2pa is vulnerable to Path Traversal
Upgrade the c2pa library to a patch version.
Jan 20, 2026
AIKIDO-2026-10060
NO CVE
Medium Risk
supertokens-auth-react is vulnerable to Open Redirect
Upgrade the supertokens-auth-react library to a patch version.
Jan 20, 2026
AIKIDO-2026-10059
NO CVE
Medium Risk
jsonrepair is vulnerable to Improper Input Validation
Upgrade the jsonrepair library to a patch version.
Jan 20, 2026
AIKIDO-2026-10058
CVE-2025-53690
Critical
Sitecore Experience Commerce is vulnerable to Deserialization of Untrusted Data
Upgrade the Sitecore Experience Commerce packages to the patch version.
Jan 19, 2026
AIKIDO-2026-10057
NO CVE
Low Risk
publish-flat is vulnerable to Improper Input Validation
Upgrade the publish-flat library to the patch version.
Jan 16, 2026
AIKIDO-2026-10056
NO CVE
Low Risk
qs-codec is vulnerable to Denial of Service (DoS)
Upgrade the qs-codec library to the patch version.
Jan 16, 2026
AIKIDO-2026-10055
NO CVE
Low Risk
qs_dart is vulnerable to Denial of Service (DoS)
Upgrade the qs_dart library to the patch version.
Jan 16, 2026
AIKIDO-2026-10054
NO CVE
Medium Risk
automattic/jetpack-forms is vulnerable to Server-Side Request Forgery (SSRF)
Upgrade the automattic/jetpack-forms library to a patch version.
Jan 16, 2026
AIKIDO-2026-10053
NO CVE
Medium Risk
@cedarjs/auth-dbauth-setup is vulnerable to Predictable Exact Value from Previous Values
Upgrade the @cedarjs/auth-dbauth-setup library to a patch version.
Jan 16, 2026
AIKIDO-2026-10052
GHSA-7jx7-3846-m7w7
High Risk
craftcms/cms is vulnerable to Remote Code Execution (RCE)
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10051
GHSA-fxp3-g6gw-4r4v
Medium Risk
craftcms/cms is vulnerable to Improper Authorization
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10050
GHSA-9f5h-mmq6-2x78
Medium Risk
craftcms/cms is vulnerable to Cross-site Scripting (XSS)
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10049
GHSA-8jr8-7hr4-vhfx
High Risk
craftcms/cms is vulnerable to Server-Side Request Forgery (SSRF)
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10048
GHSA-2453-mppf-46cj
High Risk
craftcms/cms is vulnerable to SQL Injection
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10047
NO CVE
Medium Risk
pino is vulnerable to Prototype Pollution
Upgrade the pino library to the patch version.
Jan 15, 2026
AIKIDO-2026-10046
NO CVE
Low Risk
github.com/pion/webrtc/v4 is vulnerable to Improper Input Validation
Upgrade the github.com/pion/webrtc/v4 library to the patch version.
Jan 15, 2026
AIKIDO-2026-10045
NO CVE
Medium Risk
questdb is vulnerable to Cross-site Scripting (XSS)
Upgrade the org.questdb:questdb library to a patch version.
Jan 15, 2026
AIKIDO-2026-10044
NO CVE
Medium Risk
mcp is vulnerable to Cross-site Scripting (XSS)
Upgrade the mcp library to the patch version.
Jan 15, 2026
AIKIDO-2026-10043

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2026 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.