Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 1592

Malware: 115674

Protect yourself from malware upon install with Aikido SafeChain (open source)

Search and compare health of Open-Source Packages. Make confident, secure choices for your next build.

NO CVE
Low Risk
pymongo is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the pymongo library to the patch version.
Jan 12, 2026
AIKIDO-2026-10026
NO CVE
Medium Risk
bincode is vulnerable to Use of Unmaintained Third Party Components
Remove any bincode package from your application. Please take a look at wincode (https://crates.io/crates/wincode), bitcode (https://crates.io/crates/bitcode), rkyv (https://crates.io/crates/rkyv) or postcard (https://crates.io/crates/postcard) as an alternative.
Jan 12, 2026
AIKIDO-2026-10025
NO CVE
Low Risk
@node-red/nodes is vulnerable to Denial of Service (DoS)
Upgrade the @node-red/nodes library to the patch version.
Jan 12, 2026
AIKIDO-2026-10024
NO CVE
Medium Risk
@google/gemini-cli-core is vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Upgrade the @google/gemini-cli-core library to the patch version.
Jan 12, 2026
AIKIDO-2026-10023
NO CVE
Low Risk
undici is vulnerable to Allocation of Resources Without Limits or Throttling
Upgrade the undici library to the patch version.
Jan 12, 2026
AIKIDO-2026-10022
NO CVE
High Risk
@rudderstack/rudder-sdk-node is vulnerable to Deserialization of Untrusted Data leading to Remote Code Execution
Upgrade the @rudderstack/rudder-sdk-node library to the patch version.
Jan 12, 2026
AIKIDO-2026-10021
NO CVE
Medium Risk
@tanstack/router-core is vulnerable to Open Redirect
Upgrade the @tanstack/router-core library to the patch version.
Jan 12, 2026
AIKIDO-2026-10020
NO CVE
Low Risk
elysia is vulnerable to Observable Timing Discrepancy
Upgrade the elysia library to the patch version.
Jan 12, 2026
AIKIDO-2026-10019
NO CVE
Medium Risk
github.com/filebrowser/filebrowser/v2 is vulnerable to Improper Access Control
Upgrade the github.com/filebrowser/filebrowser/v2 library to the patch version.
Jan 12, 2026
AIKIDO-2026-10018
NO CVE
Medium Risk
cjs-module-lexer is vulnerable to Improper Control of Generation of Code ('Code Injection')
Upgrade the cjs-module-lexer library to the patch version.
Jan 12, 2026
AIKIDO-2026-10017
NO CVE
Low Risk
JDA is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the net.dv8tion:JDA library to the patch version.
Jan 12, 2026
AIKIDO-2026-10016
NO CVE
Low Risk
bcrypt is vulnerable to Observable Timing Discrepancy
Upgrade the bcrypt library to the patch version.
Jan 12, 2026
AIKIDO-2026-10015
CVE-2025-59947
High Risk
nanomq.NanoNNG is vulnerable to Heap Buffer Overflow
Upgrade the nanomq.NanoNNG library to a patch version.
Jan 12, 2026
AIKIDO-2026-10014
NO CVE
Medium Risk
sevenz-rust2 is vulnerable to Protection Mechanism Failure
Upgrade the sevenz-rust2 library to the patch version.
Jan 9, 2026
AIKIDO-2026-10013
NO CVE
Medium Risk
@better-auth/sso is vulnerable to Allocation of Resources Without Limits or Throttling
Upgrade the @better-auth/sso library to the patch version.
Jan 8, 2026
AIKIDO-2026-10012
CVE-2026-21877
Critical
n8n is vulnerable to Remote Code Execution via Path Traversal
Upgrade the n8n library to the patch version.
Jan 8, 2026
AIKIDO-2026-10011
NO CVE
Low Risk
@uirouter/core is vulnerable to Regular Expression Denial of Service (ReDoS)
Upgrade the @uirouter/core library to the patch version.
Jan 6, 2026
AIKIDO-2026-10010
CVE-2025-59947
High Risk
nanomq.nanomq is vulnerable to Heap Buffer Overflow
Upgrade the nanomq.nanomq library to a patch version.
Jan 6, 2026
AIKIDO-2026-10009
NO CVE
Medium Risk
rsyntaxtextarea is vulnerable to Improper Restriction of XML External Entity Reference
Upgrade the com.fifesoft:rsyntaxtextarea library to the patch version.
Jan 6, 2026
AIKIDO-2026-10008
NO CVE
Medium Risk
scorm-again is vulnerable to Prototype Pollution
Upgrade the scorm-again library to the patch version.
Jan 6, 2026
AIKIDO-2026-10007
NO CVE
Critical
drf-simple-apikey is vulnerable to Improper Input Validation
Upgrade the drf-simple-apikey library to the patch version.
Jan 6, 2026
AIKIDO-2026-10006
NO CVE
Medium Risk
chainlit is vulnerable to Path Traversal
Upgrade the chainlit library to the patch version.
Jan 6, 2026
AIKIDO-2026-10005
NO CVE
Low Risk
jsonschema-rs is vulnerable to Use-After-Free
Upgrade the jsonschema-rs library to the patch version.
Jan 6, 2026
AIKIDO-2026-10004
NO CVE
Low Risk
jsonschema is vulnerable to Use-After-Free
Upgrade the jsonschema library to the patch version.
Jan 6, 2026
AIKIDO-2026-10003
NO CVE
Low Risk
referencing is vulnerable to Use-After-Free
Upgrade the referencing library to the patch version.
Jan 6, 2026
AIKIDO-2026-10002
CVE-2025-68430
Medium Risk
cvat-sdk is vulnerable to Path Traversal
Upgrade the cvat-sdk library to the patch version.
Jan 6, 2026
AIKIDO-2026-10001
CVE-2025-68431
Medium Risk
github.com/strukturag/libheif is vulnerable to Out-of-bounds Read
Upgrade the github.com/strukturag/libheif library to the patch version.
Dec 31, 2025
AIKIDO-2025-11011
CVE-2025-69277
Medium Risk
paragonie/sodium_compat is vulnerable to Incomplete List of Disallowed Inputs
Upgrade the paragonie/sodium_compat library to the patch version.
Dec 31, 2025
AIKIDO-2025-11010
NO CVE
Low Risk
mcp-atlassian is vulnerable to Denial of Service (DoS)
Upgrade the mcp-atlassian library to the patch version.
Dec 31, 2025
AIKIDO-2025-11009
NO CVE
High Risk
mlflow is vulnerable to Command Injection
Upgrade the mlflow library to the patch version.
Dec 30, 2025
AIKIDO-2025-11008
NO CVE
Low Risk
github.com/opencost/opencost is vulnerable to Inadequate Encryption Strength
Upgrade the github.com/opencost/opencost library to the patch version or strengthen TLS configuration to use TLS 1.2 or higher.
Dec 30, 2025
AIKIDO-2025-11007
CVE-2025-62599
Medium Risk
eProsima.Fast-DDS is vulnerable to Integer Overflow
Upgrade the eProsima.Fast-DDS library to the patch version.
Dec 30, 2025
AIKIDO-2025-11006
CVE-2025-24807
Medium Risk
eProsima.Fast-DDS is vulnerable to Insufficient Verification of Data Authenticity
Upgrade the eProsima.Fast-DDS library to the patch version.
Dec 30, 2025
AIKIDO-2025-11005
NO CVE
Medium Risk
better-ccflare is vulnerable to Exposure of Sensitive Information
Upgrade the better-ccflare library to the patch version.
Dec 30, 2025
AIKIDO-2025-11004
NO CVE
High Risk
mlflow-tracing is vulnerable to SQL Injection
Upgrade the mlflow-tracing library to the patch version.
Dec 29, 2025
AIKIDO-2025-11002
NO CVE
Medium Risk
axum-extra is vulnerable to Integer Underflow
Upgrade the axum-extra library to the patch version.
Dec 29, 2025
AIKIDO-2025-11001

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2026 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.