Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 1619

Malware: 116036

Protect yourself from malware upon install with Aikido SafeChain (open source)

Search and compare health of Open-Source Packages. Make confident, secure choices for your next build.

NO CVE
Medium Risk
automattic/jetpack-forms is vulnerable to Server-Side Request Forgery (SSRF)
Upgrade the automattic/jetpack-forms library to a patch version.
Jan 16, 2026
AIKIDO-2026-10053
NO CVE
Medium Risk
@cedarjs/auth-dbauth-setup is vulnerable to Predictable Exact Value from Previous Values
Upgrade the @cedarjs/auth-dbauth-setup library to a patch version.
Jan 16, 2026
AIKIDO-2026-10052
GHSA-7jx7-3846-m7w7
High Risk
craftcms/cms is vulnerable to Remote Code Execution (RCE)
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10051
GHSA-fxp3-g6gw-4r4v
Medium Risk
craftcms/cms is vulnerable to Improper Authorization
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10050
GHSA-9f5h-mmq6-2x78
Medium Risk
craftcms/cms is vulnerable to Cross-site Scripting (XSS)
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10049
GHSA-8jr8-7hr4-vhfx
High Risk
craftcms/cms is vulnerable to Server-Side Request Forgery (SSRF)
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10048
GHSA-2453-mppf-46cj
High Risk
craftcms/cms is vulnerable to SQL Injection
Upgrade the craftcms/cms library to the patch version.
Jan 15, 2026
AIKIDO-2026-10047
NO CVE
Medium Risk
pino is vulnerable to Prototype Pollution
Upgrade the pino library to the patch version.
Jan 15, 2026
AIKIDO-2026-10046
NO CVE
Low Risk
github.com/pion/webrtc/v4 is vulnerable to Improper Input Validation
Upgrade the github.com/pion/webrtc/v4 library to the patch version.
Jan 15, 2026
AIKIDO-2026-10045
NO CVE
Medium Risk
questdb is vulnerable to Cross-site Scripting (XSS)
Upgrade the org.questdb:questdb library to a patch version.
Jan 15, 2026
AIKIDO-2026-10044
NO CVE
Medium Risk
mcp is vulnerable to Cross-site Scripting (XSS)
Upgrade the mcp library to the patch version.
Jan 15, 2026
AIKIDO-2026-10043
NO CVE
Low Risk
Microsoft.Identity.Client is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the Microsoft.Identity.Client library to the patch version.
Jan 15, 2026
AIKIDO-2026-10042
NO CVE
Medium Risk
@salesforce/design-system-react is vulnerable to Cross-site Scripting (XSS)
Upgrade the @salesforce/design-system-react library to the patch version.
Jan 14, 2026
AIKIDO-2026-10041
NO CVE
Low Risk
@uirouter/core is vulnerable to Regular Expression Denial of Service (ReDoS)
Upgrade the @uirouter/core library to the patch version.
Jan 14, 2026
AIKIDO-2026-10040
NO CVE
High Risk
github.com/milvus-io/milvus/pkg/v2 is vulnerable to Information Disclosure
Upgrade the github.com/milvus-io/milvus/pkg/v2 library to the patch version.
Jan 14, 2026
AIKIDO-2026-10039
NO CVE
Low Risk
kreait/firebase-php is vulnerable to Insertion of Sensitive Information into Log File
Upgrade kreait/firebase-php to a patch version.
Jan 14, 2026
AIKIDO-2026-10038
NO CVE
Low Risk
smalot/pdfparser is vulnerable to Denial of Service (DoS)
Upgrade the smalot/pdfparser library to the patch version.
Jan 14, 2026
AIKIDO-2026-10037
NO CVE
Critical
vm2 is vulnerable to Code Injection
Upgrade the vm2 library to the patch version.
Jan 14, 2026
AIKIDO-2026-10036
CVE-2025-55132
Low Risk
node is vulnerable to Improper Access Control
Upgrade the node library to a patch version.
Jan 14, 2026
AIKIDO-2026-10035
CVE-2026-21637
Medium Risk
node is vulnerable to Denial of Service (DoS)
Upgrade the node library to a patch version.
Jan 14, 2026
AIKIDO-2026-10034
CVE-2026-21636
Medium Risk
node is vulnerable to Improper Access Control
Upgrade the node library to a patch version.
Jan 14, 2026
AIKIDO-2026-10033
CVE-2025-59464
Medium Risk
node is vulnerable to Denial of Service (DoS)
Upgrade the node library to a patch version.
Jan 14, 2026
AIKIDO-2026-10032
CVE-2025-59466
Medium Risk
node is vulnerable to Denial of Service (DoS)
Upgrade the node library to a patch version.
Jan 14, 2026
AIKIDO-2026-10031
CVE-2025-59465
High Risk
node is vulnerable to Denial of Service (DoS)
Upgrade the node library to a patch version.
Jan 14, 2026
AIKIDO-2026-10030
CVE-2025-55130
High Risk
node is vulnerable to Path Traversal
Upgrade the node library to a patch version.
Jan 14, 2026
AIKIDO-2026-10029
CVE-2025-55131
High Risk
node is vulnerable to Use of Uninitialized Resource
Upgrade the node library to a patch version.
Jan 14, 2026
AIKIDO-2026-10028
CVE-2026-22813
Critical
opencode-ai is vulnerable to Remote Code Execution (RCE)
Upgrade the opencode library to the patch version.
Jan 13, 2026
AIKIDO-2026-10027
NO CVE
Low Risk
pymongo is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the pymongo library to the patch version.
Jan 12, 2026
AIKIDO-2026-10026
NO CVE
Medium Risk
bincode is vulnerable to Use of Unmaintained Third Party Components
Remove any bincode package from your application. Please take a look at wincode (https://crates.io/crates/wincode), bitcode (https://crates.io/crates/bitcode), rkyv (https://crates.io/crates/rkyv) or postcard (https://crates.io/crates/postcard) as an alternative.
Jan 12, 2026
AIKIDO-2026-10025
NO CVE
Low Risk
@node-red/nodes is vulnerable to Denial of Service (DoS)
Upgrade the @node-red/nodes library to the patch version.
Jan 12, 2026
AIKIDO-2026-10024
NO CVE
Medium Risk
@google/gemini-cli-core is vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Upgrade the @google/gemini-cli-core library to the patch version.
Jan 12, 2026
AIKIDO-2026-10023
NO CVE
Low Risk
undici is vulnerable to Allocation of Resources Without Limits or Throttling
Upgrade the undici library to the patch version.
Jan 12, 2026
AIKIDO-2026-10022
NO CVE
High Risk
@rudderstack/rudder-sdk-node is vulnerable to Deserialization of Untrusted Data leading to Remote Code Execution
Upgrade the @rudderstack/rudder-sdk-node library to the patch version.
Jan 12, 2026
AIKIDO-2026-10021
NO CVE
Medium Risk
@tanstack/router-core is vulnerable to Open Redirect
Upgrade the @tanstack/router-core library to the patch version.
Jan 12, 2026
AIKIDO-2026-10020
NO CVE
Low Risk
elysia is vulnerable to Observable Timing Discrepancy
Upgrade the elysia library to the patch version.
Jan 12, 2026
AIKIDO-2026-10019
NO CVE
Medium Risk
github.com/filebrowser/filebrowser/v2 is vulnerable to Improper Access Control
Upgrade the github.com/filebrowser/filebrowser/v2 library to the patch version.
Jan 12, 2026
AIKIDO-2026-10018

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2026 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.