Aikido Vulnerability Database

jsonpath-plus is vulnerable to Remote code execution in versions 0.1.0 - 10.0.3.

electron is vulnerable to Type Confusion in versions 31.0.0 - 31.7.0 and 32.0.0 - 32.2.0.

jsonpath-plus is vulnerable to Remote code execution in versions 0.1.0 - 10.0.0.

github.com/wneessen/go-mail is vulnerable to Insertion of Sensitive Information into Log File in versions 0.1.0 - 0.5.0.

craftcms/cms is vulnerable to Improper Privilege Management in versions 4.0.0 - 4.12.6 and 5.0.0 - 5.4.7.1.

@backstage/backend-defaults is vulnerable to Accidental exposure of sensitive info possible in versions 0.1.0 - 0.5.0.

@syncfusion/ej2-documenteditor is vulnerable to Cross-site Scripting (XSS) in versions 26.2.4 - 27.1.52.

mysql-connector-python is vulnerable to SQL Injection in versions 8.3.0 - 9.0.0.

github.com/hashicorp/consul is vulnerable to Cross-site Scripting (XSS) in versions 1.9.0 - 1.19.2.

datadog/dd-trace is vulnerable to DoS possible due to memory leak or race condition in versions 0.1.0 - 1.3.2.

libarchive.libarchive is vulnerable to DoS possible due to improper check for exceptional conditions in versions 3.0.0a - 3.7.6.

http-server is vulnerable to Selection of Less-Secure Algorithm During Negotiation in versions 200 - 274.

@clerk/clerk-js is vulnerable to URL Redirection to Untrusted Site ('Open Redirect') in versions 2.13.1 - 5.26.3.

astro is vulnerable to Cross-site Scripting (XSS) in versions 3.2.0 - 4.16.0.

api-platform/core is vulnerable to Missing Authorization in versions 4.0.0 - 4.0.2.

kedro is vulnerable to Remote Code Execution (RCE) in versions 0.18.4 - 0.19.8.

torchgeo is vulnerable to Command Injection in versions 0.4.0 - 0.6.0.

gevent is vulnerable to Race Condition in versions 1.2.0 - 24.10.0.