Aikido
Extended Lifetime Support

Instantly Patch Your CVEs with Aikido

Aikido provides fixes for unmaintained packages. These patches are created by Tuxcare and are drop-in replacements so you can avoid painstaking major version upgrades.

  • 40+ End-of-life CVE patches
  • 1-click AutoFix
  • End-of-Life package detection
Your data won't be shared · Read-only access · No CC required

Trusted by 50k+ orgs | Loved by 100k+ devs | 4.7/5

Patch your end-of-life runtimes

Extended lifetime support for outdated packages.

| CVE | Package | CVE score | Public status | Short description |
|-----|---------|-----------|---------------|-------------------|
| | undici | Medium | Major version bump | undici is vulnerable to Memory Leak |
| | picocolors | Low | Major version bump | picocolors is vulnerable to Uncontrolled Recursion |
| | webpack | Medium | Minor version bump | webpack is vulnerable to Cross-site Scripting (XSS) |
| | i18next | High | Major version bump | i18next is vulnerable to Code Injection |
| | ssr-window | High | Major version bump | ssr-window is vulnerable to Prototype Pollution |
| | copy-anything | Medium | Major version bump | copy-anything is vulnerable to Prototype Pollution |
| | jsonwebtoken | Critical | Major version bump | jsonwebtoken is vulnerable to verification bypass by swapping asymmetric-signed tokens with symmetric ones. |
| | angularjs | High | Major version bump | angularjs is vulnerable to Prototype Pollution |
| | express-jwt | High | Major version bump | express-jwt is vulnerable to authorization bypass when algorithms are not enforced and used with jwks-rsa. |
| | angularjs | Medium | Major version bump | angular.js is vulnerable to cross-site scripting |
| | lodash | High | Manual changes required | lodash is vulnerable to command injection |
| | jsonwebtoken | High | Major version bump | jsonwebtoken is vulnerable to signature verification issues |
| | jsonwebtoken | High | Major version bump | jsonwebtoken is vulnerable to signature validation bypass |
| | jsonwebtoken | Medium | Major version bump | jsonwebtoken is vulnerable to token forgery |
| | angularjs | High | Major version bump | angular is vulnerable to Regular Expression Denial of Service |
| | angularjs | Medium | Major version bump | angular / angularjs are vulnerable to cross-site scripting (XSS) |
| | angularjs | Medium | Major version bump | angular is vulnerable to Regular Expression Denial of Service |
| | angular-resource | Medium | Major version bump | angular is vulnerable to Regular Expression Denial of Service |
| | angularjs | Medium | Major version bump | angular is vulnerable to Regular Expression Denial of Service |
| | tough-cookie | Critical | Major version bump | tough-cookie is vulnerable to prototype pollution |
| | request | Medium | Major version bump | request is vulnerable to SSRF bypass |
| | crypto-js | Critical | Major version bump | crypto-js is vulnerable due to weak PBKDF2 defaults |
| | express | Medium | Major version bump | express is vulnerable to arbitrary resource injection |
| | angularjs | High | Major version bump | angular is vulnerable to denial of service via catastrophic backtracking |
| | express | Medium | Major version bump | express is vulnerable to open redirect |
| | ip | High | Not available | ip is vulnerable to SSRF |
| | express | Medium | Major version bump | express is vulnerable to code execution |
| | rollup | Medium | Major version bump | rollup is vulnerable to DOM clobbering, which can lead to XSS |
| | vue-template-compiler | Medium | Major version bump | vue is vulnerable to XSS via prototype pollution |
| | angularjs | Medium | Major version bump | angularjs is vulnerable to content spoofing via improper sanitization |
| | angularjs | Medium | Major version bump | angularjs is vulnerable to content spoofing via improper sanitization |
| | express | Medium | Major version bump | express is vulnerable to open redirect |
| | angularjs | Medium | Major version bump | angularjs is vulnerable to content spoofing via improper sanitization |
| | jspdf | High | Major version bump | jsPDF is vulnerable to denial of service |
| | formidable | Low | Major version bump | formidable is vulnerable to predictable filenames for untrusted content |
| | multer | High | Major version bump | multer is vulnerable to denial of service |
| | multer | High | Major version bump | multer is vulnerable to denial of service |
| | multer | High | Major version bump | multer is vulnerable to denial of service |
| | form-data | Critical | Major version bump | form-data is vulnerable to HTTP Parameter Pollution (HPP) |
| | jsonwebtoken | High | Major version bump | jsonwebtoken is vulnerable to verification bypass |
| | lodash | High | Manual changes required | lodash is vulnerable to prototype pollution |

How it works

How Aikido works

Connect your code, cloud & containers

It doesn't matter which tool stack you are on. Aikido connects with the most popular stacks and scans continuously for issues.

Get relevant security & code quality alerts

No need to sift through hundreds of alerts. Only a few of them really matter. Aikido auto-triages notifications.

Features

SAST Scanner Features

Get Rid of False Positives

We rigorously test and refine every rule to reduce false positives. You get accurate, high-confidence SAST scan findings—nothing noisy, nothing pointless.

Custom Rules for Custom Risks

Build custom rules to catch risks unique to your codebase. Aikido lets you extend detection beyond standard patterns—so nothing critical slips through.

Javascript
Typescript
php
dotnet
Java
Scala
C++
Android
Kotlin
Python
Go
Ruby
Dart

Context-Aware Severity Scoring

Provide context (e.g. if a repo is internet-facing or handles sensitive data) and Aikido's SAST tool will adjust issue severities accordingly.

TL;DR Advice

Aikido gives you the SAST scan info you need, and nothing more: What is the issue, does this affect me & how do I fix it? Straightforward remediation advice, throughout the development lifecycle.

Surface Real Security Issues

Many SAST tools overwhelm developers with non-security issues (style, readability, maintainability, etc.). Aikido prioritizes real security risks—so critical issues rise to the top.

AI-Generated Security Fixes

Get instant code-fix suggestions (with confidence levels). Some fixes use deterministic workflows while tougher fixes are handled by an agentic AI.

Instant Warnings in Your IDE

Get SAST scans right in your IDE. Catch vulnerabilities as you code. Fix issues early—before they ever reach a pull request.

Secure Every Pull Request

Enforce security checks in your CI/CD pipeline. Block merges based on severity, type, or context. Aikido adds inline feedback so developers can fix issues before code ships.

Full Coverage in One Platform

Replace your scattered toolstack with one platform that does it all—and shows you what matters.

  • [Code] Dependencies: Find vulnerable open-source packages in your dependencies, including transitive ones.
  • [Cloud] Cloud (CSPM): Detects cloud infrastructure risks (misconfigurations, VMs, container images) across major cloud providers.
  • [Code] Secrets: Checks your code for leaked and exposed API keys, passwords, certificates, encryption keys, etc.
  • [Code] Static Code Analysis (SAST): Scans your source code for security risks before an issue can be merged.
  • [Code] Infrastructure as Code Scanning (IaC): Scans Terraform, CloudFormation & Kubernetes infrastructure-as-code for misconfigurations.
  • [Test] Dynamic Testing (DAST): Dynamically tests your web app’s front-end & APIs to find vulnerabilities through simulated attacks.
  • [Code] License Risk & SBOMs: Monitors your licenses for risks such as dual licensing, restrictive terms, bad reputation, etc., and generates SBOMs.
  • [Code] Outdated Software (EOL): Checks if any frameworks & runtimes you are using are no longer maintained.
  • [Cloud] Container Images: Scans your container images for packages with security issues.
  • [Code] Malware: Prevents malicious packages from infiltrating your software supply chain. Powered by Aikido Intel.
  • [Test] API Scanning: Automatically maps out and scans your API for vulnerabilities.
  • [Cloud] Virtual Machines: Scans your virtual machines for vulnerable packages, outdated runtimes and risky licenses.
  • [Defend] Runtime Protection: An in-app firewall for peace of mind. Automatically blocks critical injection attacks, introduces API rate limiting & more.
  • [Code] IDE Integrations: Fix issues as you code, not after. Get in-line advice to fix vulnerabilities before commit.
  • [Code] On-Prem Scanner: Run Aikido’s scanners inside your environment.
  • [Code] CI/CD Security: Automate security for every build & deployment.
  • [Cloud] AI Autofix: One-click fixes for SAST, IaC, SCA & containers.
  • [Cloud] Cloud Asset Search: Search your entire cloud environment with simple queries to instantly find risks, misconfigurations, and exposures.

Get secure for free

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast, automatically.

No credit card required | Scan results in 32 secs.

Has Aikido itself been security tested?

Yes — we run yearly third-party pentests and maintain a continuous bug bounty program to catch issues early.

Can I also generate an SBOM?

Yes - you can export a full SBOM in CycloneDX, SPDX, or CSV format with one click. Just open the Licenses & SBOM report to see all your packages and licenses.

What do you do with my source code?

Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.

Can I try Aikido without giving access to my own code?

Yes - you can connect a real repo (read-only access), or use our public demo project to explore the platform. All scans are read-only and Aikido never makes changes to your code. Fixes are proposed via pull requests you review and merge.

I don’t want to connect my repository. Can I try it with a test account?

Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!

Does Aikido make changes to my codebase?

We can’t and won’t; this is guaranteed by read-only access.