Powered by AI + Aikido Research team
Aikido Intel
We track 5 million open-source packages, exposing vulnerabilities before they get CVE numbers. Many never do.
Human verified threat feed
655 vulnerabilities exposed
Detect blind spots in NVD & Github Advisory DB
NO CVE
Medium
Risk
grcov is vulnerable to Out-of-bounds Write
Upgrade the grcov library to the patch version.
Feb 11, 2025
AIKIDO-2025-10089
NO CVE
High
Risk
markitdown is vulnerable to Path Traversal
Upgrade the markitdown library to the patch version.
Feb 11, 2025
AIKIDO-2025-10088
NO CVE
Low
Risk
github.com/zalando/skipper is vulnerable to Denial of Service (DoS)
Upgrade the github.com/zalando/skipper library to the patch version.
Feb 11, 2025
AIKIDO-2025-10087
NO CVE
Low
Risk
litellm is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Upgrade the litellm library to the patch version.
Feb 10, 2025
AIKIDO-2025-10086
NO CVE
Low
Risk
solana-agent-kit is vulnerable to Insertion of Sensitive Information into Log File
Upgrade solana-agent-kit to a patch version.
Feb 10, 2025
AIKIDO-2025-10085
NO CVE
Low
Risk
elm-watch is vulnerable to Cross-Site WebSocket Hijacking
Upgrade the elm-watch library to the patch version.
Feb 10, 2025
AIKIDO-2025-10084
NO CVE
High
Risk
@rpldy/uploady is vulnerable to Prototype Pollution
Upgrade the @rpldy/uploady library to the patch version.
Feb 9, 2025
AIKIDO-2025-10083
NO CVE
Low
Risk
redoc is vulnerable to Prototype Pollution
Upgrade redoc to a patch version.
Feb 7, 2025
AIKIDO-2025-10082
NO CVE
Medium
Risk
php-date-formatter is vulnerable to Prototype Pollution
Upgrade php-date-formatter to a patch version.
Feb 7, 2025
AIKIDO-2025-10081
NO CVE
Medium
Risk
github.com/cosmwasm/wasmvm is vulnerable to NULL Pointer Dereference
Upgrade the github.com/cosmwasm/wasmvm library to the patch version.
Feb 7, 2025
AIKIDO-2025-10080
NO CVE
Medium
Risk
@nuxtjs/mdc is vulnerable to Cross-site Scripting (XSS)
Upgrade the @nuxtjs/mdc library to the patch version.
Feb 6, 2025
AIKIDO-2025-10079
NO CVE
Medium
Risk
unstructured is vulnerable to Exposure of Resource to Wrong Sphere
Upgrade the unstructured library to the patch version.
Feb 6, 2025
AIKIDO-2025-10078
NO CVE
Low
Risk
FirebaseFirestoreInternalBinary is vulnerable to Use-After-Free
Upgrade the FirebaseFirestoreInternalBinary library to the patch version.
Feb 6, 2025
AIKIDO-2025-10077
NO CVE
Medium
Risk
litellm is vulnerable to Authorization Bypass
Upgrade the litellm library to the patch version.
Feb 6, 2025
AIKIDO-2025-10076
NO CVE
Medium
Risk
sdd is vulnerable to Use after free
Upgrade the sdd library to the patch version.
Feb 5, 2025
AIKIDO-2025-10075
NO CVE
Low
Risk
dompurify is vulnerable to Cross-site Scripting (XSS)
Upgrade the dompurify library to a patch version.
Feb 5, 2025
AIKIDO-2025-10074
NO CVE
Low
Risk
opentelemetry-instrumentation-redis is vulnerable to Exposure of Sensitive Information
Upgrade the opentelemetry-instrumentation-redis library to the patch version.
Feb 5, 2025
AIKIDO-2025-10073
NO CVE
Low
Risk
github.com/ydb-platform/ydb-go-sdk/v3 is vulnerable to Infinite Loop
Upgrade the github.com/ydb-platform/ydb-go-sdk/v3 library to the patch version.
Feb 4, 2025
AIKIDO-2025-10072
NO CVE
Low
Risk
apoc is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the org.neo4j.procedure:apoc library to the patch version.
Feb 4, 2025
AIKIDO-2025-10071
GHSA-rpmj-rpgj-qmpm
Medium
Risk
openssl is vulnerable to Use after free
Upgrade the openssl library to the patch version.
Feb 3, 2025
AIKIDO-2025-10070
NO CVE
Low
Risk
postgres-types is vulnerable to Uncaught Exception
Upgrade the postgres-types library to the patch version.
Feb 3, 2025
AIKIDO-2025-10069
CVE-2023-22102
High
Risk
mysql-connector-java is vulnerable to Remote code execution
The namespace of this package has been changed on Maven to https://mvnrepository.com/artifact/com.mysql/mysql-connector-j. Upgrade to at least version 8.2.0 of this new package.
Feb 3, 2025
AIKIDO-2025-10068
NO CVE
Low
Risk
github.com/ydb-platform/ydb-go-sdk/v3 is vulnerable to NULL Pointer Dereference
Upgrade the github.com/ydb-platform/ydb-go-sdk/v3 library to the patch version.
Feb 3, 2025
AIKIDO-2025-10067
NO CVE
Low
Risk
@napi-rs/canvas is vulnerable to Uncaught Exception
Upgrade the @napi-rs/canvas library to the patch version.
Feb 3, 2025
AIKIDO-2025-10066
NO CVE
Low
Risk
fast-float is vulnerable to Out-of-bounds Read
Remove fast-float from your application and replace with the fast-float2 package version >=0.2.2.
Jan 31, 2025
AIKIDO-2025-10065
NO CVE
Low
Risk
laravel/framework is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the laravel/framework library to the patch version.
Jan 31, 2025
AIKIDO-2025-10064
NO CVE
Low
Risk
questdb is vulnerable to Memory Leak
Upgrade the questdb library to the patch version.
Jan 31, 2025
AIKIDO-2025-10063
NO CVE
Low
Risk
dompurify is vulnerable to Cross-site Scripting (XSS)
Upgrade the dompurify library to a patch version.
Jan 30, 2025
AIKIDO-2025-10062
NO CVE
Low
Risk
fast-float2 is vulnerable to Out-of-bounds Read
Upgrade the fast-float2 library to the patch version.
Jan 30, 2025
AIKIDO-2025-10061
NO CVE
High
Risk
torch is vulnerable to Remote Code Execution (RCE)
Upgrade the torch library to the patch version.
Jan 29, 2025
AIKIDO-2025-10060
NO CVE
Low
Risk
applicationinsights-agent is vulnerable to Insertion of Sensitive Information into Log File
Upgrade the applicationinsights-agent library to the patch version.
Jan 29, 2025
AIKIDO-2025-10059
NO CVE
Medium
Risk
django-autocomplete-light is vulnerable to Cross-site Scripting (XSS)
Upgrade the django-autocomplete-light library to the patch version.
Jan 29, 2025
AIKIDO-2025-10058
NO CVE
Low
Risk
symfony/security-http is vulnerable to Generation of Error Message Containing Sensitive Information
Upgrade the symfony/security-http library to the patch version.
Jan 29, 2025
AIKIDO-2025-10057
CVE-2025-24357
High
Risk
vllm is vulnerable to Unsafe Deserialization
Upgrade the vllm library to the patch version.
Jan 28, 2025
AIKIDO-2025-10056
NO CVE
Medium
Risk
@nuxt/content is vulnerable to Improper Input Validation
Upgrade the @nuxt/content library to the patch version.
Jan 28, 2025
AIKIDO-2025-10055
NO CVE
Medium
Risk
pip is vulnerable to Arbitrary Code Execution
Upgrade the pip library to the patch version.
Jan 28, 2025
AIKIDO-2025-10054
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use