Aikido Vulnerability Database

A curated feed that complements NVD and GitHub's Advisory Database

Human verified & human-readable
353 vulnerabilities found and growing
Low Risk
AIKIDO-2024-10342
@backstage/backend-defaults is vulnerable to Accidental exposure of sensitive info possible in versions 0.1.0 - 0.5.0.
October 15, 2024
Low Risk
AIKIDO-2024-10341
@syncfusion/ej2-documenteditor is vulnerable to Cross-site Scripting (XSS) in versions 26.2.4 - 27.1.52.
October 15, 2024
Medium Risk
AIKIDO-2024-10340
mysql-connector-python is vulnerable to SQL Injection in versions 8.3.0 - 9.0.0.
October 15, 2024
Low Risk
AIKIDO-2024-10339
github.com/hashicorp/consul is vulnerable to Cross-site Scripting (XSS) in versions 1.9.0 - 1.19.2.
October 15, 2024
Medium Risk
AIKIDO-2024-10338
datadog/dd-trace is vulnerable to DoS possible due to memory leak or race condition in versions 0.1.0 - 1.3.2.
October 15, 2024
Low Risk
AIKIDO-2024-10337
libarchive.libarchive is vulnerable to DoS possible due to improper check for exceptional conditions in versions 3.0.0a - 3.7.6.
October 15, 2024
Low Risk
AIKIDO-2024-10336
http-server is vulnerable to Selection of Less-Secure Algorithm During Negotiation in versions 200 - 274.
October 15, 2024
Medium Risk
AIKIDO-2024-10335
@clerk/clerk-js is vulnerable to URL Redirection to Untrusted Site ('Open Redirect') in versions 2.13.1 - 5.26.3.
October 14, 2024
Low Risk
AIKIDO-2024-10334
astro is vulnerable to Cross-site Scripting (XSS) in versions 3.2.0 - 4.16.0.
October 14, 2024
High Risk
AIKIDO-2024-10333
api-platform/core is vulnerable to Missing Authorization in versions 4.0.0 - 4.0.2.
October 11, 2024
High Risk
AIKIDO-2024-10332
kedro is vulnerable to Remote Code Execution (RCE) in versions 0.18.4 - 0.19.8.
October 11, 2024
Medium Risk
AIKIDO-2024-10331
torchgeo is vulnerable to Command Injection in versions 0.4.0 - 0.6.0.
October 11, 2024
Low Risk
AIKIDO-2024-10330
gevent is vulnerable to Race Condition in versions 1.2.0 - 24.10.0.
October 10, 2024
Medium Risk
AIKIDO-2024-10329
markdown2 is vulnerable to Cross-site Scripting in versions 1.0.0 - 2.5.0.
October 10, 2024
Critical
AIKIDO-2024-10328
deepspeed is vulnerable to Command Injection in versions 0.1.0 - 0.15.1.
October 10, 2024
Critical
AIKIDO-2024-10327
n8n is vulnerable to Relative Path Traversal in versions 1.0.0 - 1.62.3.
October 10, 2024
Low Risk
AIKIDO-2024-10326
craftcms/cms is vulnerable to Incorrect Authorization in versions 4.0.0 - 4.12.5 and 5.0.0 - 5.4.6.
October 9, 2024
Medium Risk
AIKIDO-2024-10325
oauth4webapi is vulnerable to Cleartext Transmission of Sensitive Information in versions 0.0.1 - 2.17.0.
October 8, 2024
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US