CVE-2025-23206

The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...

EUVD-2024-2637

Malicious code in bioql PyPI...

EUVD-2025-0113

Malicious code in bioql PyPI...

EUVD-2025-7239

Malicious code in bioql PyPI...

EUVD-2023-1884

Malicious code in bioql PyPI...

CVE-2024-45037

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

PT-2025-19363 · Npm · Aws-Cdk-Lib

Summary The AWS Cloud Development Kit AWS CDK is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...

CVE-2025-2598

When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....

AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider

Impact Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow, https://github.com/aws/aws-cdk/blob/d16482fc8a4a3e1f62751f481b770c09034df7d2/packages/%40aws-cdk/custom-resource-handlers/lib/aws-iam/oidc-handler/external.tsL34...

CVE-2025-23206 IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk

The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...

CVE-2025-23206

The CVE-2025-23206 issue affects AWS CDK (IAM OIDC custom resource workflow). The tls.connect call sets rejectUnauthorized: false, enabling potential MITM risk when downloading CA thumbprints. A patch is in progress; remediation guidance in the connected docs recommends upgrading to CDK v2.177.0 ...

CVE-2024-45037

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVE-2024-45037

The CVE affects the AWS CDK RestApi with CognitoUserPoolAuthorizer. Under certain conditions, authenticated Cognito users may gain access beyond what is intended to protected API resources/methods, though API availability is not affected. Affected CDK versions are >=2.142.0 and =2.148.1; upgra...

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

Code injection

AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...