Every advisory below is enriched with the Vulnetix VDB exploit-intelligence chip (hover a CVE ID in the interactive page to see CVSS, EPSS, KEV status, and PoC maturity). 1 is already weaponised in the wild — see the Exploited section.
ALAS-2025-1979: libsoup (important)
CVEs:CVE-2025-32906CVE-2025-32907CVE-2025-32911CVE-2025-32913CVE-2025-32914
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| libsoup | affected | Amazon | libsoup | — |
ALAS-2025-1980: ppp (important)
CVEs:CVE-2024-58250
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| ppp | affected | Amazon | ppp | — |
CVE-2025-5279 - Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
CVEs:CVE-2025-5279
ALAS-2025-1976: freetype (important)
CVEs:CVE-2025-27363
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| freetype | affected | Amazon | freetype | — |
ALAS-2025-1977: kernel (important)
CVEs:CVE-2022-49168CVE-2022-49413CVE-2022-49465CVE-2025-21920
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| kernel | affected | Amazon | kernel | — |
ALAS-2025-1978: ghostscript (important)
CVEs:CVE-2024-46951CVE-2024-46953CVE-2024-46956
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| ghostscript | affected | Amazon | ghostscript | — |
CVE-2025-4318 - Input validation issue in AWS Amplify Studio UI component properties
CVEs:CVE-2025-4318
Every CVE above is indexed in the Vulnetix VDB with KEV, EPSS, and PoC maturity. The interactive page surfaces that on hover.