Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 1664

Malware: 117688


Protect yourself from malware upon install with Aikido SafeChain (open source)

Search and compare health of Open-Source Packages. Make confident, secure choices for your next build.

NO CVE
Medium Risk
ueberauth_microsoft is vulnerable to Insufficient Verification of Data Authenticity
Upgrade the ueberauth_microsoft library to the patch version.
Jan 28, 2026
AIKIDO-2026-10099
NO CVE
Low Risk
prefect is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the prefect library to the patch version.
Jan 28, 2026
AIKIDO-2026-10098
NO CVE
High Risk
spring-boot-admin-server is vulnerable to Remote Code Execution (RCE)
Upgrade the de.codecentric:spring-boot-admin-server library to the patch version.
Jan 28, 2026
AIKIDO-2026-10097
NO CVE
Medium Risk
@nuxt/ui is vulnerable to Cross-site Scripting (XSS)
Upgrade the @nuxt/ui library to a patch version.
Jan 27, 2026
AIKIDO-2026-10096
CVE-2026-23864
High Risk
next is vulnerable to Denial of Service (DoS)
Upgrade the next library to the patch version.
Jan 27, 2026
AIKIDO-2026-10095
CVE-2026-23864
High Risk
react-server-dom-turbopack is vulnerable to Denial of Service (DoS)
Upgrade the react-server-dom-turbopack library to the patch version.
Jan 27, 2026
AIKIDO-2026-10094
CVE-2026-23864
High Risk
react-server-dom-webpack is vulnerable to Denial of Service (DoS)
Upgrade the react-server-dom-webpack library to the patch version.
Jan 27, 2026
AIKIDO-2026-10093
CVE-2026-23864
High Risk
react-server-dom-parcel is vulnerable to Denial of Service (DoS)
Upgrade the react-server-dom-parcel library to the patch version.
Jan 27, 2026
AIKIDO-2026-10092
NO CVE
Medium Risk
shipperhq/module-address-autocomplete is vulnerable to Cross-site Scripting (XSS)
Upgrade the shipperhq/module-address-autocomplete library to the patch version.
Jan 26, 2026
AIKIDO-2026-10091
NO CVE
Medium Risk
squid-cache.squid is vulnerable to Denial of Service (DoS)
Upgrade the squid-cache.squid library to the patch version.
Jan 26, 2026
AIKIDO-2026-10090
NO CVE
Medium Risk
rkyv is vulnerable to NULL Pointer Dereference
Upgrade the rkyv library to the patch version.
Jan 26, 2026
AIKIDO-2026-10089
NO CVE
High Risk
@strapi/core is vulnerable to Improper Access Control
Upgrade the @strapi/core library to a patch version.
Jan 26, 2026
AIKIDO-2026-10088
GHSA-f3rx-xrwm-q2rf
Medium Risk
eclipse-threadx.netxduo is vulnerable to Denial of Service (DoS)
Upgrade the eclipse-threadx.netxduo library to the patch version.
Jan 26, 2026
AIKIDO-2026-10087
NO CVE
Medium Risk
feast is vulnerable to Improper Access Control
Upgrade the feast library to a patch version.
Jan 26, 2026
AIKIDO-2026-10086
GHSA-gp2f-7wcm-5fhx
Medium Risk
craftcms/cms is vulnerable to Server-Side Request Forgery (SSRF)
Upgrade the craftcms/cms library to the patch version.
Jan 26, 2026
AIKIDO-2026-10085
GHSA-6j87-m5qx-9fqp
Low Risk
craftcms/cms is vulnerable to Cross-site Scripting (XSS)
Upgrade the craftcms/cms library to the patch version.
Jan 26, 2026
AIKIDO-2026-10084
GHSA-6fx5-5cw5-4897
Medium Risk
craftcms/cms is vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition
Upgrade the craftcms/cms library to the patch version.
Jan 26, 2026
AIKIDO-2026-10083
NO CVE
Low Risk
dwave-cloud-client is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the dwave-cloud-client library to the patch version.
Jan 26, 2026
AIKIDO-2026-10082
NO CVE
Medium Risk
hackney is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection')
Upgrade the hackney library to the patch version.
Jan 26, 2026
AIKIDO-2026-10081
GHSA-xvjr-f2r9-c7ww
Medium Risk
harfbuzz.harfbuzz is vulnerable to NULL Pointer Dereference
Upgrade the harfbuzz.harfbuzz library to the patch version.
Jan 26, 2026
AIKIDO-2026-10080
NO CVE
High Risk
signalk-server is vulnerable to Prototype Pollution
Upgrade the signalk-server library to a patch version.
Jan 22, 2026
AIKIDO-2026-10079
NO CVE
Medium Risk
camel-ai is vulnerable to Server-Side Request Forgery
Upgrade the camel-ai library to the patch version.
Jan 22, 2026
AIKIDO-2026-10078
NO CVE
Low Risk
@elizaos/cli is vulnerable to Insufficiently Protected Credentials
Upgrade the elizaos library to the patch version.
Jan 22, 2026
AIKIDO-2026-10077
NO CVE
High Risk
py7zr is vulnerable to Path Traversal
Upgrade the py7zr library to the patch version.
Jan 22, 2026
AIKIDO-2026-10076
NO CVE
Medium Risk
@yaireo/tagify is vulnerable to Cross-site Scripting (XSS)
Upgrade the @yaireo/tagify library to the patch version.
Jan 21, 2026
AIKIDO-2026-10075
NO CVE
Medium Risk
lob is vulnerable to Path Traversal
Upgrade the lob library to the patch version.
Jan 21, 2026
AIKIDO-2026-10074
NO CVE
High Risk
borgmatic is vulnerable to Command Injection
Upgrade the borgmatic library to the patch version.
Jan 21, 2026
AIKIDO-2026-10073
NO CVE
Medium Risk
grammy is vulnerable to Timing Attacks
Upgrade the grammy library to the patch version.
Jan 21, 2026
AIKIDO-2026-10072
NO CVE
Medium Risk
pydash is vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Upgrade the pydash library to a patch version.
Jan 21, 2026
AIKIDO-2026-10071
NO CVE
Low Risk
@openai/codex is vulnerable to Incorrect Permission Assignment for Critical Resource
Upgrade the @openai/codex library to a patch version.
Jan 21, 2026
AIKIDO-2026-10070
CVE-2026-22862
High Risk
github.com/ethereum-optimism/op-geth is vulnerable to Denial of Service (DoS)
Upgrade the github.com/ethereum-optimism/op-geth library to the patch version.
Jan 20, 2026
AIKIDO-2026-10069
NO CVE
High Risk
billboard.js is vulnerable to Cross-site Scripting (XSS)
Upgrade the billboard.js library to the patch version.
Jan 20, 2026
AIKIDO-2026-10068
NO CVE
Low Risk
@strapi/core is vulnerable to Insufficient Session Expiration
Upgrade the @strapi/core library to the patch version.
Jan 20, 2026
AIKIDO-2026-10066
CVE-2025-15382
Medium Risk
wolfSSL.wolfssh is vulnerable to Out-of-bounds Read
Upgrade the wolfSSL.wolfssh library to the patch version.
Jan 20, 2026
AIKIDO-2026-10065
CVE-2025-14942
Critical
wolfSSL.wolfssh is vulnerable to Improper Authentication
Upgrade the wolfSSL.wolfssh library to the patch version.
Jan 20, 2026
AIKIDO-2026-10064
NO CVE
Low Risk
core is vulnerable to Regular Expression Denial of Service (ReDoS)
Upgrade the org.mvnpm.at.uirouter:core library to the patch version.
Jan 20, 2026
AIKIDO-2026-10063

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2026 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.