Powered by AI + Aikido Research Team

Aikido Intel - Open Source Threat Intelligence

Your earliest warning for supply chain threats.

We expose malware and vulnerabilities in open-source ecosystems, within minutes.

Vulnerabilities: 1370

Malware: 106696

Protect yourself from malware upon install with Aikido SafeChain (open source)

Search and compare health of Open-Source Packages. Make confident, secure choices for your next build.

NO CVE
High Risk
unstructured is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Upgrade the unstructured library to the patch version.
Nov 14, 2025
AIKIDO-2025-10810
NO CVE
Medium Risk
js-yaml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Upgrade the js-yaml library to the patch version.
Nov 14, 2025
AIKIDO-2025-10809
NO CVE
Low Risk
heapless is vulnerable to Heap Inspection
Upgrade the heapless library to the patch version.
Nov 12, 2025
AIKIDO-2025-10808
CVE-2025-64500
High Risk
symfony/http-foundation is vulnerable to Authorization Bypass
Upgrade the symfony/http-foundation library to a patch version.
Nov 12, 2025
AIKIDO-2025-10807
NO CVE
Medium Risk
github.com/hashicorp/nomad is vulnerable to Authorization Bypass Through User-Controlled Key
Upgrade the github.com/hashicorp/nomad library to the patch version.
Nov 12, 2025
AIKIDO-2025-10806
NO CVE
Medium Risk
astro is vulnerable to Improper Input Validation
Upgrade the astro library to the patch version.
Nov 12, 2025
AIKIDO-2025-10805
NO CVE
Medium Risk
@ts-graphviz/ast is vulnerable to Denial of Service (DoS)
Upgrade the @ts-graphviz/ast library to the patch version.
Nov 12, 2025
AIKIDO-2025-10804
NO CVE
Low Risk
error_tracker is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the error_tracker library to the patch version.
Nov 12, 2025
AIKIDO-2025-10803
NO CVE
Medium Risk
fabric is vulnerable to Prototype Pollution
Upgrade the fabric library to the patch version.
Nov 12, 2025
AIKIDO-2025-10802
NO CVE
Low Risk
fabric is vulnerable to Inefficient Regular Expression Complexity
Upgrade the fabric library to the patch version.
Nov 12, 2025
AIKIDO-2025-10801
CVE-2025-64484
High Risk
github.com/oauth2-proxy/oauth2-proxy/v7 is vulnerable to Server-side Request Forgery (SSRF)
Upgrade the github.com/oauth2-proxy/oauth2-proxy/v7 library to a patch version.
Nov 12, 2025
AIKIDO-2025-10800
NO CVE
Low Risk
chainlit is vulnerable to Improper Authorization
Upgrade the chainlit library to the patch version.
Nov 12, 2025
AIKIDO-2025-10799
NO CVE
Low Risk
azure-ai-evaluation is vulnerable to Insertion of Sensitive Information into Log File
Upgrade azure-ai-evaluation to a patch version.
Nov 12, 2025
AIKIDO-2025-10798
NO CVE
High Risk
ultralytics is vulnerable to Remote Code Execution (RCE)
Upgrade the ultralytics library to the patch version.
Nov 12, 2025
AIKIDO-2025-10797
NO CVE
Medium Risk
@portkey-ai/gateway is vulnerable to Server-Side Request Forgery (SSRF)
Upgrade the @portkey-ai/gateway library to the patch version.
Nov 12, 2025
AIKIDO-2025-10796
NO CVE
Medium Risk
github.com/operator-framework/operator-lifecycle-manager is vulnerable to Authentication Bypass
Upgrade the github.com/operator-framework/operator-lifecycle-manager library to the patch version.
Nov 12, 2025
AIKIDO-2025-10795
NO CVE
High Risk
letta is vulnerable to Path Traversal
Upgrade the letta library to the patch version.
Nov 12, 2025
AIKIDO-2025-10794
NO CVE
Low Risk
Sentry is vulnerable to Information Disclosure
Upgrade the Sentry library to a patch version.
Nov 12, 2025
AIKIDO-2025-10793
NO CVE
Low Risk
openc3 is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the openc3 library to the patch version.
Nov 12, 2025
AIKIDO-2025-10792
NO CVE
Low Risk
openc3 is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the openc3 library to the patch version.
Nov 12, 2025
AIKIDO-2025-10791
NO CVE
Low Risk
@inrupt/solid-client-vc is vulnerable to Denial of Service (DoS)
Upgrade the @inrupt/solid-client-vc library to the patch version.
Nov 12, 2025
AIKIDO-2025-10790
NO CVE
Low Risk
github.com/mazrean/formstream is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the github.com/mazrean/formstream library to the patch version.
Nov 11, 2025
AIKIDO-2025-10789
NO CVE
Low Risk
google-cloud-storage is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the google-cloud-storage library to the patch version.
Nov 10, 2025
AIKIDO-2025-10787
NO CVE
Low Risk
github.com/victoriametrics/victoriametrics is vulnerable to Denial of Service (DoS)
Upgrade the github.com/victoriametrics/victoriametrics library to the patch version.
Nov 10, 2025
AIKIDO-2025-10786
NO CVE
Low Risk
snakemake is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the snakemake library to a patch version.
Nov 10, 2025
AIKIDO-2025-10785
NO CVE
Low Risk
github.com/hashicorp/consul-template is vulnerable to Denial of Service (DoS)
Upgrade the github.com/hashicorp/consul-template library to the patch version.
Nov 10, 2025
AIKIDO-2025-10784
CVE-2025-12761
Medium Risk
drupal/simple_multistep is vulnerable to Cross-site Scripting (XSS)
Upgrade the drupal/simple_multistep library to the patch version.
Nov 10, 2025
AIKIDO-2025-10783
CVE-2025-12760
Medium Risk
drupal/email_tfa is vulnerable to Access bypass
Upgrade the drupal/email_tfa library to the patch version.
Nov 10, 2025
AIKIDO-2025-10782
NO CVE
Medium Risk
github.com/kserve/kserve is vulnerable to Insufficiently Protected Credentials
Upgrade the github.com/kserve/kserve library to the patch version.
Nov 10, 2025
AIKIDO-2025-10781
CVE-2025-57353
Medium Risk
@messageformat/runtime is vulnerable to Prototype Pollution
Upgrade the @messageformat/runtime library to the patch version.
Nov 10, 2025
AIKIDO-2025-10780
CVE-2025-62711
Low Risk
cranelift-codegen is vulnerable to Improper Handling of Exceptional Conditions
Upgrade the cranelift-codegen library to the patch version.
Nov 10, 2025
AIKIDO-2025-10778
NO CVE
High Risk
taskcluster is vulnerable to Zip Slip
Upgrade taskcluster to the patch version.
Nov 10, 2025
AIKIDO-2025-10777
NO CVE
Critical
django-dbbackup is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Check that your data has not been compromised and make sure STORAGES['dbbackup'] is set. Upgrading the django-dbbackup library to the patch version is not necessary, but it is recommended to ensure that the fix is applied.
Nov 7, 2025
AIKIDO-2025-10776
CVE-2024-6485
Medium Risk
bootstrap is vulnerable to Cross-site Scripting (XSS)
To fix this vulnerability, upgrade to a later, supported version of Bootstrap, as version 3 is end-of-life and no longer receives security updates.
Nov 6, 2025
AIKIDO-2025-10775
NO CVE
Medium Risk
mailauth is vulnerable to Prototype Pollution
Upgrade the mailauth library to the patch version.
Nov 6, 2025
AIKIDO-2025-10774
NO CVE
Medium Risk
peewee is vulnerable to Inefficient Regular Expression Complexity
Upgrade the peewee library to the patch version.
Nov 6, 2025
AIKIDO-2025-10773

Our intel, your security

Open-source

Aikido Intel is available under the AGPL license; developers may freely use, modify, and distribute the vulnerability and malware feed.

License the intel database

Want to integrate our threat intelligence into your product? Get access through our commercial API.

Get protected by Aikido - it's free.

Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform.

Secure everything you build, host and run with Aikido

© 2025 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.