Aikido Intel- Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

vulnerabilities

malware

Sort on Date

Protect yourself from malware upon install with Aikido Safe Chain (open source)

Install Safe Chain

NO CVE

Medium Risk

unic-normal is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-normal package from your application. Please take a look at <a href="https://crates.io/crates/icu_normalizer">icu_normalizer</a> or <a href="https://crates.io/crates/unicode-normalization">unicode-normalization</a> as an alternative.

Oct 23, 2025

AIKIDO-2025-10744

NO CVE

Medium Risk

unic-ucd-bidi is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-ucd-bidi package from your application. Please take a look at <a href="https://crates.io/crates/icu_properties">icu_properties</a> as an alternative.

Oct 23, 2025

AIKIDO-2025-10743

NO CVE

Medium Risk

unic-emoji-char is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-emoji-char package from your application. Please take a look at <a href="https://crates.io/crates/icu_properties">icu_properties</a> as an alternative.

Oct 23, 2025

AIKIDO-2025-10742

NO CVE

Medium Risk

unic-ucd-category is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-ucd-category package from your application. Please take a look at <a href="https://crates.io/crates/icu_properties">icu_properties</a> as an alternative.

Oct 23, 2025

AIKIDO-2025-10741

NO CVE

Medium Risk

unic is vulnerable to Use of Unmaintained Third Party Components

Remove any unic package from your application. Please take a look at <a href="https://crates.io/crates/icu">icu</a>, <a href="https://crates.io/crates/idna">idna</a> or <a href="https://crates.io/crates/unicode-bidi">unicode-bidi</a> as an alternative.

Oct 23, 2025

AIKIDO-2025-10740

NO CVE

Medium Risk

unic-bidi is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-bidi package from your application. Please take a look at <a href="https://crates.io/crates/unicode-bidi">unicode-bidi</a> as an alternative.

Oct 23, 2025

AIKIDO-2025-10739

NO CVE

Medium Risk

unic-ucd-version is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-ucd-version package from your application.

Oct 23, 2025

AIKIDO-2025-10738

NO CVE

Medium Risk

unic-ucd-ident is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-ucd-ident package from your application. Please take a look at <a href="https://crates.io/crates/icu_properties">icu_properties</a> or <a href="https://crates.io/crates/unicode-ident">unicode-ident</a> as an alternative.

Oct 23, 2025

AIKIDO-2025-10737

NO CVE

Medium Risk

unic-ucd-common is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-ucd-common package from your application. Please take a look at <a href="https://crates.io/crates/icu_properties">icu_properties</a> as an alternative.

Oct 23, 2025

AIKIDO-2025-10736

NO CVE

Medium Risk

unic-ucd-age is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-ucd-age package from your application.

Oct 23, 2025

AIKIDO-2025-10735

NO CVE

Medium Risk

unic-ucd-segment is vulnerable to Use of Unmaintained Third Party Components

Remove any unic-ucd-segment package from your application. Please take a look at <a href="https://crates.io/crates/icu_properties">icu_properties</a> as an alternative.

Oct 23, 2025

AIKIDO-2025-10734

NO CVE

Low Risk

github.com/tmc/langchaingo is vulnerable to Generation of Error Message Containing Sensitive Information

Upgrade the github.com/tmc/langchaingo library to the patch version.

Oct 23, 2025

AIKIDO-2025-10733

NO CVE

Medium Risk

sitemap is vulnerable to Cross-site Scripting (XSS)

Upgrade the sitemap library to the patch version.

Oct 23, 2025

AIKIDO-2025-10732

NO CVE

Low Risk

github.com/yaronf/httpsign is vulnerable to Denial of Service (DoS)

Upgrade the github.com/yaronf/httpsign library to the patch version.

Oct 23, 2025

AIKIDO-2025-10731

NO CVE

Medium Risk

@angular/ssr is vulnerable to Server-Side Request Forgery (SSRF)

Upgrade the @angular/ssr library to the patch version.

Oct 23, 2025

AIKIDO-2025-10730

NO CVE

High Risk

strands-agents is vulnerable to Path Traversal

Upgrade the strands-agents library to the patch version.

Oct 23, 2025

AIKIDO-2025-10729

NO CVE

Medium Risk

django-phone-verify is vulnerable to Improper Restriction of Excessive Authentication Attempts

Upgrade the django-phone-verify library to the patch version.

Oct 23, 2025

AIKIDO-2025-10728

CVE-2025-55315

Critical

runtimepack.Microsoft.AspNetCore.App.Runtime.linux-arm is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Upgrade the Microsoft.AspNetCore.App.Runtime library to the patch version.

Oct 22, 2025

AIKIDO-2025-10727

NO CVE

Medium Risk

github.com/eclipse/paho.mqtt.golang is vulnerable to Integer Overflow

Upgrade the github.com/eclipse/paho.mqtt.golang library to the patch version.

Oct 21, 2025

AIKIDO-2025-10726

GHSA-C5VW-J4HF-J526

Medium Risk

koa is vulnerable to Cross-Site Scripting (XSS)

Upgrade the koa library to the patch version.

Oct 21, 2025

AIKIDO-2025-10725

NO CVE

Medium Risk

@stefanobartoletti/nuxt-social-share is vulnerable to Improper Input Validation

Upgrade the @stefanobartoletti/nuxt-social-share library to the patch version.

Oct 21, 2025

AIKIDO-2025-10724

NO CVE

Low Risk

unleash-server is vulnerable to Generation of Error Message Containing Sensitive Information

Upgrade the unleash-server library to the patch version.

Oct 21, 2025

AIKIDO-2025-10721

CVE-2025-58183

Medium Risk

github.com/vbatts/tar-split is vulnerable to Allocation of Resources Without Limits or Throttling

Upgrade the github.com/vbatts/tar-split library to the patch version.

Oct 16, 2025

AIKIDO-2025-10720

NO CVE

Low Risk

databricks-sdk is vulnerable to Insertion of Sensitive Information into Log File

Upgrade the databricks-sdk library to the patch version.

Oct 16, 2025

AIKIDO-2025-10719

NO CVE

High Risk

sveltekit-superforms is vulnerable to Prototype Pollution

Upgrade the sveltekit-superforms library to the patch version.

Oct 16, 2025

AIKIDO-2025-10718

NO CVE

Medium Risk

github.com/valyala/fasthttp is vulnerable to Improper Input Validation

Upgrade the github.com/valyala/fasthttp library to the patch version.

Oct 14, 2025

AIKIDO-2025-10717

CVE-2021-23445

Medium Risk

jquery.datatables is vulnerable to Cross-site Scripting (XSS)

Upgrade the jquery.datatables library to the patch version.

Oct 14, 2025

AIKIDO-2025-10716

NO CVE

Medium Risk

erb is vulnerable to Integer Overflow

Upgrade the erb library to the patch version.

Oct 14, 2025

AIKIDO-2025-10715

NO CVE

Low Risk

@openc3/vue-common is vulnerable to Cross-site Scripting (XSS)

Upgrade the @openc3/vue-common library to the patch version.

Oct 14, 2025

AIKIDO-2025-10714

NO CVE

Low Risk

moxcms is vulnerable to Out-Of-Bounds Read

Upgrade the moxcms library to the patch version or turn off overflow checking.

Oct 14, 2025

AIKIDO-2025-10713

NO CVE

Medium Risk

ray is vulnerable to Improper Access Control

Upgrade the ray library to the patch version.

Oct 14, 2025

AIKIDO-2025-10712

NO CVE

Medium Risk

github.com/slackhq/nebula is vulnerable to Improper Certificate Validation

Upgrade the github.com/slackhq/nebula library to the patch version.

Oct 14, 2025

AIKIDO-2025-10711

NO CVE

High Risk

litellm is vulnerable to Incorrect Authorization

Upgrade the litellm library to the patch version.

Oct 14, 2025

AIKIDO-2025-10710

NO CVE

High Risk

jquery.validation is vulnerable to Inefficient Regular Expression Complexity

Upgrade the jquery.validation library to the patch version.

Oct 14, 2025

AIKIDO-2025-10709

CVE-2020-28458

High Risk

jquery.datatables is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Upgrade the jquery.datatables library to the patch version.

Oct 14, 2025

AIKIDO-2025-10708

GHSA-xjv7-6w92-42r7

Medium Risk

marimo is vulnerable to Unintended Proxy or Intermediary ('Confused Deputy')

Upgrade the marimo library to the patch version.

Oct 10, 2025

AIKIDO-2025-10707

Our intel, your security

Open-source

Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get Access

Get protected by Aikido- it's free.

Easily secure your software supply chain, and more. Secure your your code, cloud, and runtime with Aikido’s all-in-one security platform.

Get Secure

Secure everything you build, host and run with Aikido

Get Secure

🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium

🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium

🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US

Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.

The Intel vulnerability and malware feed is licensed under a dual license.